Unauthorized Actions Possible Due to Plugin Vulnerability
CVE-2021-4444

7.3HIGH

Key Information:

Vendor: Wordpress
Status: Product Filter By Wbw
Vendor: CVE Published:; 16 October 2024

Summary

The WooBeWoo Product Filter plugin for WordPress suffers from an authorization bypass vulnerability, primarily affecting versions up to and including 1.4.9. The vulnerability arises from insufficient authorization checks across multiple functions, enabling unauthenticated attackers to execute unauthorized actions. Exploitation of this vulnerability allows attackers to create new filters and inject malicious JavaScript code into websites using the plugin, posing significant security risks to site integrity and user safety. Immediate updates to the latest plugin version are recommended to mitigate potential threats.

Affected Version(s)

Product Filter by WBW * <= 1.4.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Oct 15, 2024

Credit

David Edgar