cleantalk
Vulnerabilities and Security Researches

CP Image Store with Slideshow, CVE-2026-0684

CVE, Research URL

CVE-2026-0684

Home page URL

Security reports for CP Image Store with Slideshow

Application

CP Image Store with Slideshow

Published on
Jan 13, 2026
Research Description
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and above, to import arbitrary products via XML, if the XML file has already been uploaded to the server.
Affected versions
max 1.2.0.
Status
vulnerable
Previous vulnerability researches
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2025-62039) , Nov 10, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2025-13381) , Dec 11, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2026-25338) , Feb 27, 2026
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2025-13378) , Dec 11, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2024-7714) , Sep 29, 2024
New vulnerability
Integration Rede for WooCommerce (CVE-2026-0939) , Apr 16, 2026
Integration Rede for WooCommerce (CVE-2026-0942) , Apr 16, 2026
Katalogportal-pdf-sync Widget (CVE-2026-3649) , Apr 16, 2026
Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress (CVE-2026-4949) , Apr 16, 2026
Church Admin (CVE-2026-0682) , Apr 16, 2026