VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 7 known issues Latest disclosed Mar 23, 2026

Product Filter for WooCommerce by WBW Vulnerabilities

Review known vulnerability records for the WordPress plugin Product Filter for WooCommerce by WBW (`woo-product-filter`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
7
High or Critical
3
Linked CVEs
7
Last Updated
Mar 23, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Product Filter for WooCommerce by WBW so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
7 records include a published patch path.
Severity Mix
0 critical and 3 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Product Filter for WooCommerce by WBW

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-3138
Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE

The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the plugin's MVC framework dynamically registering unauthenticated AJAX handlers vi...

Published
Mar 23, 2026
Patched Release
3.1.3
Affected Versions
Versions up to 3.1.2
Next Step
Update to 3.1.3 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-11269
Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin...

Published
Oct 24, 2025
Patched Release
3.0.1
Affected Versions
Versions up to 3.0.0
Next Step
Update to 3.0.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-8416
Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

Published
Oct 24, 2025
Patched Release
2.9.8
Affected Versions
Versions up to 2.9.7
Next Step
Update to 2.9.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-2317
Product Filter by WBW <= 2.7.9 - Unauthenticated SQL Injection via filtersDataBackend Parameter

The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

Published
Apr 03, 2025
Patched Release
2.8.0
Affected Versions
Versions up to 2.7.9
Next Step
Update to 2.8.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-49691
Product Filter by WBW <= 2.7.0 - Authenticated (Administrator+) SQL Injection

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated...

Published
Oct 21, 2024
Patched Release
2.7.1
Affected Versions
Versions up to 2.7.0
Next Step
Update to 2.7.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-50877
Product Filter by WBW <= 2.5.0 - Missing Authorization via getListForTbl

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getListForTbl() function hooked via AJAX in versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with subscrib...

Published
Dec 26, 2023
Patched Release
2.5.1
Affected Versions
Versions up to 2.5.0
Next Step
Update to 2.5.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin High Patched: Yes CVE-2021-4444
Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as...

Published
May 07, 2021
Patched Release
1.5.0
Affected Versions
Versions up to 1.4.9
Next Step
Update to 1.5.0 or newer if supported.
Open Full Report Open CVE Reference