cleantalk
Vulnerabilities and Security Researches

CP Image Store with Slideshow, CVE-2026-0684

CVE, Research URL

CVE-2026-0684

Home page URL

Security reports for CP Image Store with Slideshow

Application

CP Image Store with Slideshow

Published on
Jan 13, 2026
Research Description
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.
Affected versions
max 1.2.0.
Status
vulnerable
Previous vulnerability researches
Advanced Custom Fields: Table Field (CVE-2025-12067) , Jan 27, 2026
Advanced Custom Fields: Table Field (a4db1680-e0ac-425e-90bf-306bb65b921f) , Jun 07, 2024
New vulnerability
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress (CVE-2026-3614) , Apr 16, 2026
Token of Trust: AI Identity Verification, Age Verification, and KYC (CVE-2026-2834) , Apr 16, 2026
Bitcoin Donate Button (CVE-2026-1380) , Apr 16, 2026
WooCommerce Redsys Gateway Light (CVE-2026-5050) , Apr 16, 2026
WP Hello Bar (CVE-2026-1042) , Apr 16, 2026