WordPress Product Filter by WBW plugin

9.3 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.

This issue affects Product Filter by WBW: from n/a through 3.1.2.

AI Analysis

SQL Injection vulnerability in Product Filter by WBW plugin

Basic Information

ID CVE-2026-39494

Source Patchstack

Published Jun 11, 2026 at 21:05

Affected Product

Vendor WBW Plugins

Product Product Filter by WBW

Version n/a

Affected Versions WBW Plugins Product Filter by WBW n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor WBW Plugins

Product Product Filter by WBW

Version <= 3.1.2

References

patchstack.com /database/wordpress/plugin/woo-product-filter/vulnerability/wordpress-product-filter-by-wbw-plugin-3-1-2-sql-injection-vulnerability

{
    "lastseen": "",
    "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection.\n\nThis issue affects Product Filter by WBW: from n/a through 3.1.2.",
    "published": "2026-06-11T21:05:40.175Z",
    "modified": "2026-06-11T21:05:40.175Z",
    "type": "cve",
    "title": "WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/woo-product-filter/vulnerability/wordpress-product-filter-by-wbw-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve",
    "id": "CVE-2026-39494",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "WBW Plugins Product Filter by WBW n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Product Filter by WBW",
    "version": "n/a",
    "vendor": "WBW Plugins",
    "ai_description": "SQL Injection vulnerability in Product Filter by WBW plugin",
    "ai_severity": "Critical",
    "ai_vendor": "WBW Plugins",
    "ai_product": "Product Filter by WBW",
    "ai_version": "<= 3.1.2",
    "ai_score": 9.3
}

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability_CVE-2026-39494