{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-26T19:49:37.200","vulnerabilities":[{"cve":{"id":"CVE-2021-4444","sourceIdentifier":"security@wordfence.com","published":"2024-10-16T07:15:09.960","lastModified":"2026-06-17T04:19:46.330","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery."},{"lang":"es","value":"El complemento Product Filter de WooBeWoo para WordPress es vulnerable a la omisión de autorización en versiones hasta la 1.4.9 incluida, debido a la falta de comprobaciones de autorización en varias funciones. Esto hace posible que atacantes no autenticados realicen acciones no autorizadas, como crear nuevos filtros e inyectar JavaScript malicioso en un sitio vulnerable. Esto se explotó activamente en el momento del descubrimiento."}],"affected":[{"source":"security@wordfence.com","affectedData":[{"vendor":"woobewoo","product":"Product Filter for WooCommerce by WBW","defaultStatus":"unaffected","versions":[{"version":"0","lessThanOrEqual":"1.4.9","versionType":"semver","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"woobewoo","product":"product_filter","defaultStatus":"unknown","cpes":["cpe:2.3:a:woobewoo:product_filter:*:*:*:*:*:*:*:*"],"versions":[{"version":"0","lessThanOrEqual":"1.4.9","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-16T19:10:43.023872Z","id":"CVE-2021-4444","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2527958%40woo-product-filter&new=2527958%40woo-product-filter&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/30b6b0bf-e632-4e83-89ee-a424382534da?source=cve","source":"security@wordfence.com"}]}}]}