CVE-2026-10735

UNKNOWN 0.0

ShapedPlugin Multiple Pro Plugins - Backdoor via Compromised Vendor Update Server

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 Pro smart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommerce Pro WordPress plugin before 3.5.3 were distributed with malicious code through the vendor's compromised update server, allowing unauthenticated attackers to deploy a second-stage payload that exfiltrates credentials and other sensitive data and grants full control of affected sites.

Vendor	unknown
Product	smart-post-show-pro
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for unknown smart-post-show-pro

Be the first to know when new unknown vulnerabilities affecting unknown smart-post-show-pro are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / smart-post-show-pro

4.0.1 < 4.0.2

Unknown / Real Testimonials Pro

3.2.4 < 3.2.5

Unknown / Product Slider for WooCommerce Pro

3.5.2 < 3.5.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/160ee7f7-91b6-4cce-9462-837130621402/

Credits

Mike Gozdiskowski WPScan