Описание
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-11269
- https://github.com/wpcodefactory/woo-product-filter/commit/313f69908cadc31fa9c1e098ff989dc4f75dfdb5
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3382669%40woo-product-filter&new=3382669%40woo-product-filter&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/03b1d518-0e5d-4c28-af04-52611ad583a8?source=cve
Связанные уязвимости
The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.