Vulnerabilities and security researches forwoo-product-filter woo-product-filter

Apr 05, 2025

CVE, Research URL: CVE-2025-2317
Home page URL: Security reports for Product Filter by WBW
Application: Product Filter by WBW
Date: Apr 04, 2025
Research Description: The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable

Oct 25, 2024

CVE, Research URL: CVE-2024-49691
Home page URL: Security reports for Product Filter by WBW
Application: Product Filter by WBW
Date: Oct 24, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Woobewoo Product Filter by WBW allows SQL Injection.This issue affects Product Filter by WBW: from n/a through 2.7.0.
Affected versions: Min -, max -.
Status: vulnerable

Oct 18, 2024

CVE, Research URL: CVE-2021-4444
Home page URL: Security reports for Product Filter by WBW
Application: Product Filter by WBW
Date: Oct 16, 2024
Research Description: The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-50877
Home page URL: Security reports for Product Filter by WBW
Application: Product Filter by WBW
Date: Dec 09, 2024
Research Description: Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: e7afa4d981e4bdaaef2fe66d0f3f09bb3627819f
Home page URL: Security reports for Product Filter by WBW
Application: Product Filter by WBW
Date: May 07, 2021
Research Description: Product Filter by WBW [woo-product-filter] < 1.5.0 Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.
Affected versions: Min -, max -.
Status: vulnerable