PT-2025-50814 · Markutos987 · Filter Plus – Product Filter & Wordpress Filter+1
Athiwat Tiprasaharn
·
Published
2025-12-12
·
Updated
2025-12-12
·
CVE-2025-13314
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.6 due to a missing capability check on the 'filter save settings' and 'add filter options' AJAX actions. This makes it possible for unauthenticated attackers to modify the plugin's settings and create arbitrary filter options.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Filter Plus – Product Filter & Wordpress Filter
Product Filtering By Categories