Filtered by vendor Woobewoo
Subscriptions
Filtered by product Product Filter
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8416 | 2 Woobewoo, Wordpress | 2 Product Filter, Wordpress | 2025-10-27 | 7.5 High |
| The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-11269 | 2 Woobewoo, Wordpress | 2 Product Filter, Wordpress | 2025-10-27 | 5.3 Medium |
| The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | ||||
| CVE-2021-4444 | 1 Woobewoo | 1 Product Filter | 2024-10-16 | 7.3 High |
| The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery. | ||||
Page 1 of 1.