Search criteria
2 vulnerabilities found for WooBeWoo Product Filter Pro by WBW
CVE-2025-39496 (GCVE-0-2025-39496)
Vulnerability from cvelistv5 – Published: 2025-08-28 11:41 – Updated: 2025-08-28 14:48
VLAI?
Title
WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6.
Severity ?
9.3 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WBW | WooBeWoo Product Filter Pro |
Affected:
n/a , < 2.9.6
(custom)
|
Credits
Trương Hữu Phúc / truonghuuphuc (Patchstack Bug Bounty program)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:35:00.052836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:48:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WooBeWoo Product Filter Pro",
"vendor": "WBW",
"versions": [
{
"changes": [
{
"at": "2.9.6",
"status": "unaffected"
}
],
"lessThan": "2.9.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac / truonghuuphuc (Patchstack Bug Bounty program)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.\u003cp\u003eThis issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T11:41:43.877Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woofilter-pro/vulnerability/wordpress-woobewoo-product-filter-pro-plugin-2-7-6-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WooBeWoo Product Filter Pro wordpress plugin to the latest available version (at least 2.9.6)."
}
],
"value": "Update the WordPress WooBeWoo Product Filter Pro wordpress plugin to the latest available version (at least 2.9.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WooBeWoo Product Filter Pro plugin \u003c 2.9.6 - SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39496",
"datePublished": "2025-08-28T11:41:43.877Z",
"dateReserved": "2025-04-16T06:23:58.701Z",
"dateUpdated": "2025-08-28T14:48:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-39496 (GCVE-0-2025-39496)
Vulnerability from nvd – Published: 2025-08-28 11:41 – Updated: 2025-08-28 14:48
VLAI?
Title
WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6.
Severity ?
9.3 (Critical)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| WBW | WooBeWoo Product Filter Pro |
Affected:
n/a , < 2.9.6
(custom)
|
Credits
Trương Hữu Phúc / truonghuuphuc (Patchstack Bug Bounty program)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-39496",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T13:35:00.052836Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:48:08.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WooBeWoo Product Filter Pro",
"vendor": "WBW",
"versions": [
{
"changes": [
{
"at": "2.9.6",
"status": "unaffected"
}
],
"lessThan": "2.9.6",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac / truonghuuphuc (Patchstack Bug Bounty program)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.\u003cp\u003eThis issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T11:41:43.877Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/wordpress/plugin/woofilter-pro/vulnerability/wordpress-woobewoo-product-filter-pro-plugin-2-7-6-sql-injection-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress WooBeWoo Product Filter Pro wordpress plugin to the latest available version (at least 2.9.6)."
}
],
"value": "Update the WordPress WooBeWoo Product Filter Pro wordpress plugin to the latest available version (at least 2.9.6)."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress WooBeWoo Product Filter Pro plugin \u003c 2.9.6 - SQL Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-39496",
"datePublished": "2025-08-28T11:41:43.877Z",
"dateReserved": "2025-04-16T06:23:58.701Z",
"dateUpdated": "2025-08-28T14:48:08.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}