Medium severity5.4NVD Advisory· Published Jun 11, 2026· Updated Jun 11, 2026

CVE-2022-45813

Description

Missing authorization in BeRocket Advanced AJAX Product Filters (≤1.6.3.3) allows attackers to exploit incorrectly configured access control, potentially affecting thousands of sites.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in BeRocket Advanced AJAX Product Filters (≤1.6.3.3) allows attackers to exploit incorrectly configured access control, potentially affecting thousands of sites.

Vulnerability

Missing Authorization vulnerability in the BeRocket Advanced AJAX Product Filters plugin for WordPress allows exploiting incorrectly configured access control security levels. The issue affects all versions from n/a through 1.6.3.3 [1].

Exploitation

An attacker with no special privileges can exploit the missing authorization to perform actions that should require higher-level permissions. The attack does not require authentication and can be carried out remotely [1].

Impact

Successful exploitation leads to broken access control, potentially allowing an unprivileged attacker to execute certain higher-privileged actions. This vulnerability has been used in mass-exploit campaigns targeting thousands of websites regardless of their size or popularity [1].

Mitigation

The vulnerability is fixed in version 1.6.3.4. Users should update to this version or later immediately. If unable to update, users should ask their hosting provider or web developer for help. Patchstack users can enable auto-updates for vulnerable plugins [1].

References

Broken Access Control in WordPress Advanced AJAX Product Filters Plugin

AI Insight generated on Jun 11, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Woocommerce Ajax Filtersinferred
Range: <=1.6.3.3
Package: https://wordpress.org/plugins/woocommerce-ajax-filters
WordPress/Advanced AJAX Product Filtersllm-fuzzy
Range: <=1.6.3.3

Patches

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

patchstack.com/database/wordpress/plugin/woocommerce-ajax-filters/vulnerability/wordpress-advanced-ajax-product-filters-plugin-1-6-3-3-broken-access-control-csrfnvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000