
175 matches found

Nuclei
added yesterday, 12 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

CVSS 7.5, AI score 5.5, EPSS 0.22856
Exploits: 0, References: 2

EUVD
added 2 days ago, 5 views

EUVD-2026-36360

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

CVSS 9.3, AI score 5.6, EPSS 0.0003
Exploits: 0, References: 2

NVD
added 3 days ago, 6 views

CVE-2026-39494

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

CVSS 9.3, EPSS 0.0003
Exploits: 0, References: 1

CVE
added 3 days ago, 14 views

CVE-2026-39494

The CVE-2026-39494 entry concerns the WordPress plugin Product Filter by WBW (WBW) up to version 3.1.2. The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, resulting in a blind SQL injection risk. Affected software is the WordPress plugin Product Fi...

CVSS 9.3, AI score 5.6, EPSS 0.0003
In wild, Exploits: 0, References: 1

Vulnrichment
added 3 days ago, 5 views

CVE-2026-39494 WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

CVSS 9.3, AI score 5.6, EPSS 0.0003
Exploits: 0, References: 1

Cvelist
added 3 days ago, 24 views

CVE-2026-39494 WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

CVSS 9.3, EPSS 0.0003
Exploits: 0, References: 1

VulnCheck KEV
added 3 days ago, 7 views

VulnCheck KEV: CVE-2026-39494

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...

CVSS 9.3, AI score 5.5, EPSS 0.0003
In wild, Exploits: 0, References: 2

RedhatCVE
added 4 days ago, 5 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1, AI score 5.7, EPSS 0.00055
Exploits: 0, References: 1

Vulnrichment
added 5 days ago, 4 views

CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1, AI score 5.7, EPSS 0.00055
Exploits: 0, References: 2

Cvelist
added 5 days ago, 26 views

CVE-2026-11603 Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1, EPSS 0.00055
Exploits: 0, References: 2

Positive Technologies
added 5 days ago, 5 views

PT-2026-47639

Name of the Vulnerable Software and Affected Versions: Product Filter Widget for Elementor versions prior to 1.0.7. Description: Insufficient input sanitization and output escaping allow unauthenticated attackers to inject arbitrary web scripts. This is achieved via a CSRF-style form auto-submission...

CVSS 6.1, AI score 5.7, EPSS 0.00055
Exploits: 0, References: 4

RedhatCVE
added 2026/06/05 7:50 p.m., 6 views

CVE-2026-3830

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVSS 8.6, AI score 5.6, EPSS 0.00092
Exploits: 0, References: 1

Patchstack
added 2026/06/01 1:35 p.m., 7 views

WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Evan NR in WordPress Plugin Product Filter Widget for Elementor versions <= 1.0.6...

AI score 5.8
Exploits: 0, Affected Software: 1

CVE
added 2026/05/13 2:22 p.m., 8 views

CVE-2020-37174

The CVE-2020-37174 entry concerns WOOF Products Filter for WooCommerce version 1.2.3, which has a persistent cross-site scripting (XSS) vulnerability. According to the description, authenticated attackers can inject JavaScript payloads via design tab textfields (e.g., Text for block toggle and Cu...

CVSS 5.5, AI score 5.7, EPSS 0.00037
Exploits: 0, References: 4

Patchstack
added 2026/05/01 9:17 a.m., 3 views

WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Premmerce Product Filter for WooCommerce versions <= 3.7.3...

CVSS 6.1, AI score 5.8, EPSS 0.00135
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/04/27 12:0 a.m., 6 views

PT-2026-35425

Name of the Vulnerable Software and Affected Versions: Product Filter by WBW versions prior to 3.1.2. Description: Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. This occurs when the application fails to properly sanitize user-supplied data before...

CVSS 9.3, AI score 5.6, EPSS 0.0003
Exploits: 0, References: 3

Patchstack
added 2026/04/14 11:2 a.m., 3 views

WordPress Product Filter for WooCommerce by WBW plugin < 3.1.3 - Unauthenticated SQLi vulnerability

Unauthenticated SQLi vulnerability discovered by mcdruid in WordPress Plugin Product Filter by WBW versions < 3.1.3...

CVSS 8.6, AI score 5.8, EPSS 0.00092
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2026/04/14 12:0 a.m., 3 views

WordPress Plugin Product Filter for WooCommerce by WBW Has Unspecified Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin Product Filter for WooCommerce by WBW,...

CVSS 8.6, AI score 5.6, EPSS 0.00092
Exploits: 0

Patchstack
added 2026/04/13 2:16 p.m., 3 views

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by daroo in WordPress Plugin Product Filter by WBW versions <= 3.1.2...

AI score 6, EPSS 0.0003
Exploits: 0, Affected Software: 1

EUVD
added 2026/04/13 9:31 a.m., 2 views

EUVD-2026-21881

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

CVSS 8.6, AI score 5.9, EPSS 0.00092
Exploits: 0, References: 2