VYPR

Product Filter for WooCommerce

by WBW

CVEs (5)

  • CVE-2026-3830HigApr 13, 2026
    risk 0.56cvss 8.6epss 0.00

    The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

  • CVE-2024-49691HigOct 24, 2024
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW woo-product-filter allows SQL Injection.This issue affects Product Filter by WBW: from n/a through <= 2.7.0.

  • CVE-2025-69378HigFeb 20, 2026
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.

  • CVE-2026-3138MedMar 24, 2026
    risk 0.42cvss 6.5epss 0.00

    The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers…

  • CVE-2020-37174MedMay 13, 2026
    risk 0.36cvss 5.5epss 0.00

    WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text…