Woobewoo · Woobewoo Product Filter · CVE-2021-4444
**Name of the Vulnerable Software and Affected Versions**
Product Filter by WooBeWoo plugin for WordPress versions up to, and including 1.4.9
**Description**
The issue is related to authorization bypass due to missing authorization checks on various functions, allowing unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.
**Recommendations**
Update to the latest version immediately to mitigate risks.
As a temporary workaround, consider restricting access to vulnerable functions until a patch is available.
Avoid using the plugin until the issue is resolved with an update.