What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.
Explanation of Vulnerability in Simple Terms
02Summary
Product Filter for WooCommerce versions up to 9.1.2 contain a privilege escalation vulnerability affecting high-privileged users. An authenticated administrator can read sensitive data, modify site content, or disrupt service. The vulnerability requires high-level account access and does not involve user interaction. Update to a version newer than 9.1.2 to remediate.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or disrupt service if they have high-level admin access.
Potential impact on your site
04Site Impact
Compromised admin accounts can read data, alter content, or disable the site without additional user interaction.
Conditions required to exploit
05Prerequisites
Attacker must have high-level administrator privileges on the WordPress site.
Key dates
06Disclosure timeline
February 20, 2026
CVE published
April 28, 2026
Record updated