2 matches found
WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability
Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...
CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...