CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Description
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Analysis
SQL injection in Product Filter for WooCommerce by WBW plugin versions below 3.1.3 allows unauthenticated remote attackers to extract sensitive database contents including user credentials, customer data, and order information. The vulnerability requires no authentication (CVSS PR:N) and has low attack complexity with publicly available exploit code. …
Remediation
Within 24 hours: Identify all WooCommerce installations using Product Filter for WooCommerce by WBW and document current plugin versions via wp-admin or site audit tools. Within 7 days: If version 3.1.3 or later is available, update immediately to the patched version; if a patched version is unavailable, disable and deactivate the plugin until a vendor patch is released. …
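The version inventory in the first remediation step can be scripted. The following is an added example, not code from the advisory or the plugin vendor: it reads the standard WordPress plugin header in each plugin folder and flags copies older than 3.1.3. It assumes the plugin's "Plugin Name" header contains the name given above; the directory names and header contents in the sample are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (3, 1, 3)  # first patched release named in the advisory
# Assumption: the plugin's "Plugin Name" header contains this text; adjust if yours differs.
NAME = re.compile(r"product filter.*wbw", re.I)
# Standard WordPress plugin header fields, read from the main PHP file's comment block.
FIELD = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """'3.1.2' or '3.1.2-beta' -> (3, 1, 2); unparseable -> (0, 0, 0), i.e. flagged."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def read_header(php_file):
    """Return (name, version) from a plugin header, or None if the file has none."""
    head = php_file.read_text(errors="replace")[:8192]
    fields = {k.lower(): v for k, v in FIELD.findall(head)}
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "")

def audit(plugins_dir):
    """List (directory, version, status) for every copy of the plugin found."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_header(php)
        if hdr and NAME.search(hdr[0]):
            status = "VULNERABLE" if parse_version(hdr[1]) < FIXED else "patched"
            findings.append((php.parent.name, hdr[1], status))
    return findings

def demo():
    """Run the audit over a constructed plugins tree (directory names are made up)."""
    header = "<?php\n/**\n * Plugin Name: {}\n * Version: {}\n */\n"
    samples = {"site-a-filter": ("Product Filter for WooCommerce by WBW", "3.1.2"),
               "site-b-filter": ("Product Filter for WooCommerce by WBW", "3.1.3"),
               "other-plugin": ("Some Other Plugin", "1.0.0")}
    with tempfile.TemporaryDirectory() as root:
        for folder, (name, version) in samples.items():
            path = Path(root, folder)
            path.mkdir()
            (path / "main.php").write_text(header.format(name, version))
        return audit(root)

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="\t")
```

Point `audit()` at each site's `wp-content/plugins` directory to build the inventory; a copy with a missing or unparseable version is reported as vulnerable so it gets reviewed by hand.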
EUVD-2026-21881