Product Filter by WBW

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.

Basic Information

ID CVE-2025-11269

Source Wordfence

Published Oct 25, 2025 at 05:31

Affected Product

Vendor woobewoo

Product Product Filter by WBW

Version *

Affected Versions woobewoo Product Filter by WBW *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Product Filter by WBW plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'approveNotice' action in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to update the plugin's settings.",
    "published": "2025-10-25T05:31:17.552Z",
    "modified": "2025-10-25T05:31:17.552Z",
    "type": "cve",
    "title": "Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/03b1d518-0e5d-4c28-af04-52611ad583a8?source=cve\nhttps://github.com/wpcodefactory/woo-product-filter/commit/313f69908cadc31fa9c1e098ff989dc4f75dfdb5\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3382669%40woo-product-filter&new=3382669%40woo-product-filter&sfp_email=&sfph_mail=",
    "id": "CVE-2025-11269",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "woobewoo Product Filter by WBW *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Product Filter by WBW",
    "version": "*",
    "vendor": "woobewoo",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update_CVE-2025-11269