Description

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-13 | Updated 2026-04-13 | Assigner WPScan

Problem types

CWE-89 SQL Injection

Product status

Default status: unaffected

Any version before 3.1.3: affected

Credits

mcdruid (finder)

WPScan (coordinator)

References

wpscan.com/...rability/768014fd-0403-4182-b19e-3d46c92d8755/ exploit vdb-entry technical-description

cve.org (CVE-2026-3830)

nvd.nist.gov (CVE-2026-3830)
