| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3362 | Short Comment Filter <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Minimum Count' Setting | itsananderson | Short Comment Filter | Medium | 4.4 | 2026-04-22 07:45:35 | Deep Dive |
| CVE-2026-6396 | Fast & Fancy Filter – 3F <= 1.2.2 - Cross-Site Request Forgery to Settings Modification via fff_save_settins AJAX Action | webarea | Fast & Fancy Filter – 3F | Medium | 4.3 | 2026-04-22 07:45:34 | Deep Dive |
| CVE-2026-6443 | Essentialplugin Plugins (Various Versions) - Injected Backdoor | essentialplugin | Accordion and Accordion Slider | Critical | 9.8 | 2026-04-17 06:44:49 | Deep Dive |
| CVE-2026-3830 | Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi | Unknown | Product Filter for WooCommerce by WBW | 中危 | - | 2026-04-13 06:00:13 | Deep Dive |
| CVE-2026-3396 | WCAPF – WooCommerce Ajax Product Filter <= 4.2.3 - Unauthenticated Time-Based SQL Injection | shamimmoeen | WCAPF – Ajax Product Filter for WooCommerce | High | 7.5 | 2026-04-08 11:16:59 | Deep Dive |
| CVE-2026-39607 | WordPress Filter Plus plugin <= 1.1.17 - Broken Access Control vulnerability | Wpbens | Filter Plus | - | - | 2026-04-08 08:30:23 | Deep Dive |
| CVE-2026-39517 | WordPress Blog Filter plugin <= 1.7.6 - Cross Site Scripting (XSS) vulnerability | A WP Life | Blog Filter | - | - | 2026-04-08 08:30:15 | Deep Dive |
| CVE-2026-3138 | Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE | woobewoo | Product Filter for WooCommerce by WBW | Medium | 6.5 | 2026-03-24 04:27:49 | Deep Dive |
| CVE-2026-32397 | WordPress Filter & Grids plugin <= 3.5.1 - Broken Access Control vulnerability | YMC | Filter & Grids | 中危 | - | 2026-03-13 11:42:12 | Deep Dive |
| CVE-2026-28267 | Digital Arts i-フィルター 安全漏洞 | Digital Arts Inc. | i-フィルター 10 (Windows version only) | - | - | 2026-03-09 22:28:25 | Deep Dive |
| CVE-2025-69378 | WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability | XforWooCommerce | Product Filter for WooCommerce | High | 7.2 | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2026-27057 | WordPress Penci Filter Everything plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | PenciDesign | Penci Filter Everything | - | - | 2026-02-19 08:27:10 | Deep Dive |
| CVE-2026-0572 | WebPurify Profanity Filter <= 4.0.2 - Missing Authorization to Unauthenticated Plugin Settings Change via webpurify_save_options | webpurify | WebPurify Profanity Filter | Medium | 6.5 | 2026-02-04 08:25:31 | Deep Dive |
| CVE-2026-23769 | Lucy-XSS 安全漏洞 | NAVER | lucy-xss-filter | 中危 | - | 2026-01-16 05:23:56 | Deep Dive |
| CVE-2026-23768 | Lucy-XSS 安全漏洞 | NAVER | lucy-xss-filter | 中危 | - | 2026-01-16 05:20:59 | Deep Dive |
| CVE-2025-69033 | WordPress Blog Filter plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability | A WP Life | Blog Filter | 中危 | - | 2025-12-30 10:47:57 | Deep Dive |
| CVE-2025-14313 | Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via taxo_ajax | Unknown | Advance WP Query Search Filter | 中危 | - | 2025-12-30 06:00:05 | Deep Dive |
| CVE-2025-14312 | Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via counter | Unknown | Advance WP Query Search Filter | 中危 | - | 2025-12-30 06:00:04 | Deep Dive |
| CVE-2025-13110 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 4.3 | 2025-12-18 12:22:28 | Deep Dive |
| CVE-2025-10289 | Filter & Grids <= 3.2.0 - Unauthenticated SQL Injection | wssoffice21 | YMC Filter | Medium | 5.9 | 2025-12-13 07:21:05 | Deep Dive |