GCVE - cpe:2.3:a:themifyme:themify_–_woocommerce_product

Approved changes feed: RSS · Atom

cpe:2.3:a:themifyme:themify_–_woocommerce_product_filter:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Themifyme (`f7e895d5-5092-5eb3-86f0-2330c85eaa63`)
Product	Themify – Woocommerce Product Filter (`0c9df879-dbc4-5e24-8634-64596c44c92b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6027`	vulnerable	2026-06-08 06:58:17.243036	Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter CRITICAL (9.8) The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Published: 2024-06-21T09:39:38.125Z Updated: 2026-04-08T16:49:31.088Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604 https://themify.org/changelogs/themify-wc-product-filter.txt https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3104239%40themify-wc-product-filter%2Ftrunk&old=3100861%40themify-wc-product-filter%2Ftrunk&sfp_email=&sfph_mail=#file2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-44046`	vulnerable	2026-06-08 06:45:53.488698	WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through <= 1.5.1. Published: 2024-10-06T11:48:34.556Z Updated: 2026-04-28T16:10:16.990Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/themify-wc-product-filter/vulnerability/wordpress-themify-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Themify – Woocommerce Product Filter

PURL mappings

Vulnerability references

Contribute