Themify Woocommerce Product Filter
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Themify Woocommerce Product Filter.
By the Year
In 2026 there have been 0 vulnerabilities in Themify Woocommerce Product Filter. Woocommerce Product Filter did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 5 | 7.85 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 6.10 |
It may take a day or so for new Woocommerce Product Filter vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Themify Woocommerce Product Filter Security Vulnerabilities
XSS in Themify WooCommerce Product Filter <=1.5.1
CVE-2024-44046
5.9 - Medium
- October 06, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify WooCommerce Product Filter: from n/a through <= 1.5.1.
XSS
Themify WooCommerce Product Filter v1.4.9: Timebased SQLi via conditions
CVE-2024-6027
9.8 - Critical
- June 21, 2024
The Themify WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the conditions parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
SQL Injection
WP Themify <1.4.4 XSS via unsanitised Filter settings
CVE-2024-2278
- April 01, 2024
Themify WordPress plugin before 1.4.4 does not sanitise and escape some of its Filters settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Themify WP Plugin before 1.4.4 XSS via unsanitized param
CVE-2024-2263
- April 01, 2024
Themify WordPress plugin before 1.4.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
XSS
Themify WP Plugin <1.4.4: CSRF Allows Bulk Deletion of Filters
CVE-2024-2262
- April 01, 2024
Themify WordPress plugin before 1.4.4 does not have CSRF check in its bulk action, which could allow attackers to make logged in users delete arbitrary filters via CSRF attack, granted they know the related filter slugs
Session Riding
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page
CVE-2022-1532
6.1 - Medium
- June 13, 2022
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Themify Woocommerce Product Filter or by Themify? Click the Watch button to subscribe.
