Medium severity5.3OSV Advisory· Published Oct 25, 2025· Updated Apr 15, 2026

CVE-2025-11269

Description

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.

Affected products

Wpcodefactory/Woo Product FilterOSV
Range: v2.8.4, v2.8.5, v2.8.6, …

Patches

313f69908cad

https://github.com/wpcodefactory/woo-product-filtervia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/wpcodefactory/woo-product-filter/commit/313f69908cadc31fa9c1e098ff989dc4f75dfdb5nvd
plugins.trac.wordpress.org/changesetnvd
www.wordfence.com/threat-intel/vulnerabilities/id/03b1d518-0e5d-4c28-af04-52611ad583a8nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000