cleantalk
Vulnerabilities and Security Researches

Product Filter by WBW, CVE-2021-4444

CVE, Research URL

CVE-2021-4444

Home page URL

Security reports for Product Filter by WBW

Application

Product Filter by WBW

Published on
Oct 16, 2024
Research Description
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.
Affected versions
Min -, max 1.5.0.
Status
vulnerable
Previous vulnerability researches
Product Filter by WBW (CVE-2024-49691) , Oct 25, 2024
Product Filter by WBW (CVE-2021-4444) , Oct 18, 2024
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Product Filter by WBW (e7afa4d981e4bdaaef2fe66d0f3f09bb3627819f) , Jun 07, 2024
Product Filter by WBW (CVE-2023-50877) , Jun 10, 2024
New vulnerability
Video Playlist For YouTube (CVE-2025-32183) , Apr 05, 2025
Snow Storm (CVE-2025-30858) , Apr 05, 2025
PeproDev CF7 Database (CVE-2025-31573) , Apr 05, 2025
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32167) , Apr 05, 2025
SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32256) , Apr 05, 2025