VYPR

Product Filter

by Xforwoocommerce

CVEs (2)

  • CVE-2021-4337HigJun 7, 2023
    risk 0.57cvss 8.8epss 0.01

    Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level…

  • CVE-2025-8416HigOct 25, 2025
    risk 0.49cvss 7.5epss 0.00

    The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…