13 matches found
WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by daroo in WordPress Plugin Product Filter by WBW versions <= 3.1.2...
CVE-2025-8416 Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection
The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
WordPress Product Filter by WBW plugin <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update vulnerability
Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Lucas Montes Nirox in WordPress Plugin Product Filter by WBW versions <= 3.0.0...
EUVD-2024-51449
Malicious code in bioql PyPI...
CVE-2025-2317
The Product Filter by WBW plugin for WordPress is vulnerable to time-based SQL Injection via the filtersDataBackend parameter in all versions up to, and including, 2.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2024-6365
The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it...
CVE-2023-50877 WordPress Product Filter by WBW plugin <= 2.5.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Filter by WBW: from n/a through 2.5.0...
WordPress Product Filter by WBW Plugin <= 2.7.0 is vulnerable to SQL Injection
Software: Product Filter by WBW; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-49691; Patch priority: Low; CVSS severity: Low 7.6; PSID: 6688f0876dc2; Credits: Hakiduck; Required privilege: Administrator...
CVE-2024-6365
CVE-2024-6365 affects Product Table by WBW for WordPress (wp-plugin). All versions up to 2.0.1 are vulnerable to unauthenticated Remote Code Execution via the saveCustomTitle function, caused by missing authorization and lack of sanitization of appended data in languages/customTitle.php. Impact p...
WordPress Product Table by WBW Plugin <= 2.0.1 is vulnerable to Remote Code Execution (RCE)
Software: Product Table by WBW; Type: Plugin; Vulnerable versions: <= 2.0.1; Fixed in: 2.0.2; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2024-6365; Patch priority: High; CVSS severity: High 10; PSID: 2876ab65f8b4; Credits: Foxyyy; Required privilege...
CVE-2023-51512 WordPress Product Table by WBW plugin <= 1.8.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability in WBW Product Table by WBW. This issue affects Product Table by WBW: from n/a through 1.8.6...
WordPress Product Table by WBW Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Product Table by WBW; Type: Plugin; Vulnerable versions: <= 1.8.6; Fixed in: 1.8.7; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51512; Patch priority: Low; CVSS severity: Low 4.3; PSID: d013df4bc22b; Credits: Skalucy; Requir...
WordPress Product Filter by WBW Plugin <= 2.5.0 is vulnerable to Broken Access Control
Software: Product Filter by WBW; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-50877; Patch priority: Medium; CVSS severity: Medium 4.3; PSID: b4377cfc0c43; Credits: Abdi Pranata...