CVE-2026-1988
📋 TL;DR
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks via the Flexi Product Slider and Grid plugin's shortcode. Attackers can include and execute arbitrary PHP files on the server by manipulating the 'theme' parameter in posts containing the vulnerable shortcode. This affects all WordPress sites using the plugin version 1.0.5 or earlier.
💻 Affected Systems
- Flexi Product Slider and Grid for WooCommerce WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, or complete site takeover if attackers can upload malicious PHP files and include them via the vulnerability.
Likely Case
Unauthorized file access, sensitive information disclosure, and potential remote code execution if attackers can upload PHP files through other means.
If Mitigated
Limited impact with proper file permissions and restricted user roles, though information disclosure may still occur.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has Contributor privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0.5
Vendor Advisory: https://plugins.trac.wordpress.org/browser/flexi-product-slider-grid/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Flexi Product Slider and Grid for WooCommerce'. 4. Click 'Update Now' if update is available. 5. Alternatively, delete the plugin and install the latest version from WordPress repository.
🔧 Temporary Workarounds
Restrict User Roles
allTemporarily restrict Contributor and higher roles from creating posts until patching is complete.
Disable Plugin
allDeactivate the vulnerable plugin until a patch can be applied.
🧯 If You Can't Patch
- Implement strict file permissions to prevent PHP file uploads and execution in web directories.
- Monitor and audit user accounts with Contributor or higher privileges for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for 'Flexi Product Slider and Grid for WooCommerce' version 1.0.5 or lower.Check Version:
wp plugin list --name='flexi-product-slider-grid' --field=versionVerify Fix Applied:
Verify plugin version is higher than 1.0.5 in WordPress admin panel after update.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to WordPress with 'theme' parameter containing directory traversal sequences (../)
- Multiple failed login attempts followed by successful Contributor-level login
Network Indicators:
- HTTP requests with unusual file paths in theme parameter
- Unexpected PHP file inclusions in web server logs
SIEM Query:
source="web_server_logs" AND (uri="*flexipsg_carousel*" AND param="*../*")🔗 References
- https://cwe.mitre.org/data/definitions/22.html
- https://cwe.mitre.org/data/definitions/98.html
- https://plugins.trac.wordpress.org/browser/flexi-product-slider-grid/tags/1.0.5/includes/class-flexipsg-shortcode.php#L82
- https://plugins.trac.wordpress.org/browser/flexi-product-slider-grid/trunk/includes/class-flexipsg-shortcode.php#L82
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ffdd5446-5835-4976-b764-9b5c75251438?source=cve
