VYPR

CP Image Store with Slideshow

by WordPress

CVEs (2)

  • CVE-2026-0684MedJan 13, 2026
    risk 0.21cvss 4.3epss 0.00

    The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permission check. This makes it possible for authenticated attackers, with…

  • CVE-2022-1692Jun 6, 2022
    risk 0.06cvss epss 0.10

    The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack