Woocommerce Product Filter
Approved changes feed: RSS · Atom
cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Themify (f684b9e7-8f88-51e9-b947-ef1fa0635887) |
|---|---|
| Product | Woocommerce Product Filter (30737a20-2297-550f-ab03-b271a42e10df) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-44046 |
vulnerable | 2026-06-03 14:56:47.355964 |
WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
MEDIUM (5.9)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through <= 1.5.1.
Published: 2024-10-06T11:48:34.556Z
Updated: 2026-04-28T16:10:16.990Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2278 |
vulnerable | 2026-06-03 14:55:28.862916 |
WooCommerce Product Filter < 1.4.4 - Admin+ Stored XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Published: 2024-04-01T05:00:02.466Z
Updated: 2024-10-27T15:03:11.060Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2263 |
vulnerable | 2026-06-03 14:55:28.838224 |
WooCommerce Product Filter < 1.4.4 - Reflected XSS
Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: 2024-04-01T05:00:02.150Z
Updated: 2024-08-27T15:43:13.886Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-2262 |
vulnerable | 2026-06-03 14:55:28.837744 |
WooCommerce Product Filter < 1.4.4 - Filter Deletion via CSRF
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs
Published: 2024-04-01T05:00:01.688Z
Updated: 2024-08-21T22:39:32.516Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-1532 |
vulnerable | 2026-06-03 14:45:59.077599 |
Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
Published: 2022-06-13T12:41:54.000Z
Updated: 2024-08-03T00:10:02.923Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.