VYPR

Wc Ajax Product Filter

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-1426HigFeb 18, 2026
    risk 0.50cvss 8.8epss 0.00

    The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode_check function within the Live Composer compatibility layer. This makes it possible…

  • CVE-2026-3396HigApr 8, 2026
    risk 0.44cvss 7.5epss 0.01

    WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2021-24432Jan 16, 2024
    risk 0.00cvss epss 0.00

    The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.