cleantalk
Vulnerabilities and Security Researches

Product Filter by WBW, e7afa4d981e4bdaaef2fe66d0f3f09bb3627819f

CVE, Research URL

e7afa4d981e4bdaaef2fe66d0f3f09bb3627819f

Home page URL

Security reports for Product Filter by WBW

Application

Product Filter by WBW

Published on
May 07, 2021
Research Description
Product Filter by WBW [woo-product-filter] < 1.5.0 Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.
Affected versions
Min -, max 1.5.0.
Status
vulnerable
Previous vulnerability researches
Product Filter by WBW (CVE-2024-49691) , Oct 25, 2024
Product Filter by WBW (CVE-2021-4444) , Oct 18, 2024
Product Filter by WBW (CVE-2025-2317) , Apr 05, 2025
Product Filter by WBW (e7afa4d981e4bdaaef2fe66d0f3f09bb3627819f) , Jun 07, 2024
Product Filter by WBW (CVE-2023-50877) , Jun 10, 2024
New vulnerability
Snow Storm (CVE-2025-30858) , Apr 05, 2025
PeproDev CF7 Database (CVE-2025-31573) , Apr 05, 2025
SurveyJS: Drag &amp; Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32167) , Apr 05, 2025
SurveyJS: Drag &amp; Drop WordPress Form Builder to create, style and embed multiple forms of any complexity (CVE-2025-32256) , Apr 05, 2025
MasterStudy LMS WordPress Plugin – for Online Courses and Education (CVE-2025-32237) , Apr 05, 2025