CP Image Store with Slideshow
cpe:2.3:a:dwbooster:cp_image_store_with_slideshow:*:*:*:*:wordpress:*:*
- <= 1.1.9
A vulnerability exists in the CP Image Store with Slideshow plugin for WordPress, in all versions through 1.1.9. The issue is an authorization bypass, allowing authenticated users with Contributor-level access or higher to import arbitrary products via XML. This is possible because the XML file can be uploaded to the server beforehand, and a logic error in the permission check of the 'cpis_admin_init' function fails to properly restrict access.
Exploitation of this vulnerability allows for unauthorized product imports, which could lead to fraudulent sales or distribution of unauthorized content.
To reproduce this vulnerability, an authenticated user with Contributor-level access must upload an XML file containing product data to the server. Once the file is uploaded, the user can import the products using the 'Importing Area' feature of the CP Image Store with Slideshow plugin, bypassing the intended authorization checks.
Users are advised to update the CP Image Store with Slideshow plugin to version 1.2.0 or later, where this vulnerability has been patched.
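The class of flaw described above, a permission check inside an `admin_init` handler that fails open, is shown next as an added example; it is not the plugin's code and does not reproduce its actual check, which this page does not quote. All `example_*` names, the `manage_options` capability, the request fields and the import directory are assumptions made for illustration.

```php
<?php
// Added illustration with hypothetical names; not the plugin's code.
// Assumes it is loaded by WordPress, e.g. as a small plugin file.

// Fail-open gate (one common shape of a permission logic error): is_admin()
// only says the request targets wp-admin, which is true for a Contributor.
function example_gate_flawed() {
    return is_admin() || current_user_can( 'manage_options' );
}

// Fail-closed gate: capability first, then a nonce bound to the import form.
function example_gate_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    $nonce = isset( $_POST['example_import_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_import_nonce'] ) )
        : '';
    return (bool) wp_verify_nonce( $nonce, 'example_import' );
}

// admin_init fires on every wp-admin request, including admin-ajax.php and
// admin-post.php, whatever the user's role, so the handler gates itself.
add_action( 'admin_init', 'example_import_admin_init' );
function example_import_admin_init() {
    if ( ! isset( $_POST['example_import_file'] ) ) {
        return; // not an import request
    }
    if ( ! example_gate_hardened() ) {
        wp_die( 'You are not allowed to import products.', '', array( 'response' => 403 ) );
    }
    // Accept only a bare file name inside a dedicated import directory, so an
    // XML file placed elsewhere on the server cannot be referenced.
    $name = sanitize_file_name( wp_unslash( $_POST['example_import_file'] ) );
    $base = realpath( WP_CONTENT_DIR . '/example-imports' );
    $path = $base ? realpath( $base . '/' . $name ) : false;
    if ( ! $path || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( 'Invalid import file.', '', array( 'response' => 400 ) );
    }
    do_action( 'example_import_products', $path ); // hypothetical importer hook
}
```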