Instantsearch For Woocommerce

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-32181	WordPress Instantsearch For Woocommerce	Med	0.42	6.5	0.00		Apr 4, 2025	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce allows Stored XSS.This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through <= 3.0.58.
CVE-2025-12091	WordPress Instantsearch For Woocommerce	Med	0.28	4.3	0.00		Dec 6, 2025	The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.

CVE-2025-32181MedApr 4, 2025
WordPress
Instantsearch For Woocommerce
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce instantsearch-for-woocommerce allows Stored XSS.This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through <= 3.0.58.
CVE-2025-12091MedDec 6, 2025
WordPress
Instantsearch For Woocommerce
risk 0.28cvss 4.3epss 0.00
The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.67. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.