CVE-2026-3830

CVE-2026-3830: Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi

Vendor Unknown
Product Product Filter for WooCommerce by WBW
Published April 13, 2026
Last update April 13, 2026

CVSS base score

What the vulnerability does

01Description

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability exists in Product Filter for WooCommerce by WBW versions before 3.1.3. The specific attack vector and impact are not yet documented. Site administrators should update to version 3.1.3 or later to ensure protection.

What an attacker can do

03Attacker Capabilities

Unknown; insufficient technical details available.

Potential impact on your site

04Site Impact

Update Product Filter for WooCommerce by WBW to version 3.1.3 or later.

Conditions required to exploit

05Prerequisites

Unknown; insufficient technical details available.

Key dates

06Disclosure timeline

April 13, 2026 CVE published
April 13, 2026 Record updated