Product Filtering by Categories, Tags, Price Range for WooCommerce

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_settings' and 'add_filter_options' AJAX actions. This makes it possible for unauthenticated attackers to modify the plugin's settings and create arbitrary filter options.

Basic Information

ID CVE-2025-13314

Source Wordfence

Published Dec 12, 2025 at 03:20

Affected Product

Vendor markutos987

Product Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus

Version *

Affected Versions markutos987 Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Product Filtering by Categories, Tags, Price Range for WooCommerce \u2013 Filter Plus plugin for WordPress is vulnerable to unauthorized modification of data in all versions up to, and including, 1.1.5 due to a missing capability check on the 'filter_save_settings' and 'add_filter_options' AJAX actions. This makes it possible for unauthenticated attackers to modify the plugin's settings and create arbitrary filter options.",
    "published": "2025-12-12T03:20:56.597Z",
    "modified": "2025-12-12T03:20:56.597Z",
    "type": "cve",
    "title": "Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.5 - Missing Authorization to Unauthenticated Plugin Settings Modification",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c9686681-4e64-43f1-ba0a-56d10c8d1db9?source=cve\nhttps://plugins.trac.wordpress.org/browser/filter-plus/tags/1.1.5/core/admin/settings/action.php#L23\nhttps://plugins.trac.wordpress.org/browser/filter-plus/tags/1.1.5/core/admin/settings/action.php#L82\nhttps://plugins.trac.wordpress.org/browser/filter-plus/tags/1.1.5/core/admin/settings/action.php#L28\nhttps://plugins.trac.wordpress.org/browser/filter-plus/tags/1.1.5/base/enqueue.php#L178",
    "id": "CVE-2025-13314",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "markutos987 Product Filtering by Categories, Tags, Price Range for WooCommerce \u2013 Filter Plus *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Product Filtering by Categories, Tags, Price Range for WooCommerce \u2013 Filter Plus",
    "version": "*",
    "vendor": "markutos987",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.5 - Missing Authorization to Unauthenticated Plugin Settings Modification_CVE-2025-13314