CVE-2026-10735

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 were distributed with malicious code through the vendor's compromised update server, allowing unauthenticated attackers to deploy a second-stage payload that exfiltrates credentials and other sensitive data and grants full control of affected sites.
Configurations

No configuration.

History

24 Jun 2026, 14:17

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

24 Jun 2026, 07:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-24 07:16

Updated : 2026-06-25 19:07


NVD link : CVE-2026-10735

Mitre link : CVE-2026-10735

CVE.ORG link : CVE-2026-10735


JSON object : View

Products Affected

No product.

CWE

No CWE.