What the vulnerability does
01Description
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3.
Explanation of Vulnerability in Simple Terms
02Summary
Advanced AJAX Product Filters versions up to 1.6.3.3 lack proper authorization checks on certain functions. A logged-in user with low privileges can read or modify data they should not have access to. The vulnerability does not affect site availability. Update to a version newer than 1.6.3.3.
What an attacker can do
03Attacker Capabilities
Read or modify data belonging to other users or restricted areas of the site.
Potential impact on your site
04Site Impact
Unauthorized users can access or alter product filter settings and associated data.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
June 11, 2026
CVE published
June 11, 2026
Record updated