SQL Injection in WordPress "Product Filter by WBW" Plugin (CVE-2026-39494)

critical-cve-against-dependency · active

A blind SQL injection vulnerability affects the WordPress "Product Filter by WBW" plugin in all versions up to and including 3.1.2. Attackers could exploit it to query or manipulate the site's database.

Affected packages

Sources

• ghsahttps://github.com/advisories/GHSA-hg8f-fjxw-frxj
• nvdhttps://nvd.nist.gov/vuln/detail/CVE-2026-39494
• google-searchhttps://patchstack.com/database/wordpress/plugin/woo-product-filter/vulnerability/wordpress-product-filter-by-wbw-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve