CVE-2021-4444 HIGH

CVE-2021-4444: Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization

Vendor Woobewoo

Product Product Filter for WooCommerce by WBW

Weakness CWE-862 · Missing authorization

Published October 16, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new filters and injecting malicious javascript into a vulnerable site. This was actively exploited at the time of discovery.

Key dates

02Disclosure timeline

October 16, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-4444 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2026-32452 WordPress Fusion Builder plugin < 3.15.0 - Broken Access Control vulnerability CVE-2025-11692 Zip Attachments <= 1.6 - Missing Authorization to Limited File Deletion CVE-2026-3488 WP Statistics <= 14.16.4 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure and Privacy Audit Manipulation CVE-2025-62072 WordPress Front End Users plugin <= 3.2.33 - Broken Access Control vulnerability CVE-2025-23849 WordPress PAPERCITE plugin <= 0.5.18 - Broken Access Control vulnerability