Vulnerabilities and security researches forinstantsearch-for-woocommerce instantsearch-for-woocommerce

Apr 05, 2025

CVE, Research URL: CVE-2025-32181
Home page URL: Security reports for WooCommerce Search, Filters & Merchandising
Application: WooCommerce Search, Filters & Merchandising
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fast Simon Search, Filters & Merchandising for WooCommerce allows Stored XSS. This issue affects Search, Filters & Merchandising for WooCommerce: from n/a through 3.0.57.
Affected versions: max 3.0.57.
Status: vulnerable

Dec 10, 2025

CVE, Research URL: CVE-2025-12091
Home page URL: Security reports for WooCommerce Search, Filters & Merchandising
Application: WooCommerce Search, Filters & Merchandising
Date: Dec 06, 2025
Research Description: The Search, Filters & Merchandising for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcis_save_email' endpoint in all versions up to, and including, 3.0.63. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivate the plugin.
Affected versions: max 3.0.63.
Status: vulnerable