cbcvebase.
CVE-2021-4444
published 2024-10-16

CVE-2021-4444: The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization…

PriorityP276high7.3CVSS 3.1
AVNACLPRNUINSUCLILAL
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.32%
23.8th percentile
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.

Affected

1 ranges
VendorProductVersion rangeFixed in
woobewooproduct_filter_for_woocommerce_by_wbw<= 1.4.9

CVSS provenance

nvdv3.17.3HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
vulncheck7.3HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.