cleantalk
Vulnerabilities and Security Researches

WordPress Filter, WooCommerce Product Filtering by Categories, Tags, Price Range Plugin , Woocommerce admin order filter &#8211, CVE-2025-13314

CVE, Research URL

CVE-2025-13314

Home page URL

Security reports for WordPress Filter, WooCommerce Product Filtering by Categories, Tags, Price Range Plugin , Woocommerce admin order filter &#8211

Application

WordPress Filter, WooCommerce Product Filtering by Categories, Tags, Price Range Plugin , Woocommerce admin order filter &#8211

Published on
Dec 12, 2025
Research Description
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_settings' and 'add_filter_options' AJAX actions. This makes it possible for unauthenticated attackers to modify the plugin's settings and create arbitrary filter options.
Affected versions
max 1.1.7.
Status
vulnerable
Previous vulnerability researches
Category Icon (CVE-2025-68525) , Jan 06, 2026
Category Icon (CVE-2024-8915) , Oct 13, 2024
Category Icon (CVE-2025-31039) , Jun 15, 2025
Category Icon (CVE-2025-31825) , Apr 05, 2025
New vulnerability
WPLG Default Mail From (CVE-2025-14138) , Jan 11, 2026
Accordion (CVE-2025-69350) , Jan 11, 2026
Import into Easy Property Listings (CVE-2025-62112) , Jan 11, 2026
HelloLeads CRM Form Shortcode (CVE-2025-12696) , Jan 11, 2026
Easy Upload Files During Checkout (CVE-2025-62078) , Jan 11, 2026