Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Themify – WooCommerce Product Filter by themifyme

    CVE-2024-44046 (GCVE-0-2024-44046)

    Vulnerability from nvd – Published: 2024-10-06 11:48 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through <= 1.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:27
    Credits
    bugcraftx | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T13:08:58.675008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T13:09:16.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "themify-wc-product-filter",
              "product": "Themify \u2013 WooCommerce Product Filter",
              "vendor": "themifyme",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.5.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "bugcraftx | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:27:44.393Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in themifyme Themify \u2013 WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.\u003cp\u003eThis issue affects Themify \u2013 WooCommerce Product Filter: from n/a through \u003c= 1.5.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in themifyme Themify \u2013 WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify \u2013 WooCommerce Product Filter: from n/a through \u003c= 1.5.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:16.990Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/themify-wc-product-filter/vulnerability/wordpress-themify-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Themify plugin \u003c= 1.5.1 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-44046",
        "datePublished": "2024-10-06T11:48:34.556Z",
        "dateReserved": "2024-08-18T21:58:39.892Z",
        "dateUpdated": "2026-04-28T16:10:16.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6027 (GCVE-0-2024-6027)

    Vulnerability from nvd – Published: 2024-06-21 09:39 – Updated: 2026-04-08 16:49
    VLAI
    Title
    Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
    Summary
    The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    themifyme Themify – WooCommerce Product Filter Affected: 0 , ≤ 1.4.9 (semver)
    Create a notification for this product.
    themify woocommerce_product_filter Affected: 0 , ≤ 1.4.9 (custom)
        cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Arkadiusz Hydzik
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "woocommerce_product_filter",
                "vendor": "themify",
                "versions": [
                  {
                    "lessThanOrEqual": "1.4.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-24T17:54:46.770579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T19:01:16.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://themify.org/changelogs/themify-wc-product-filter.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3104239%40themify-wc-product-filter%2Ftrunk\u0026old=3100861%40themify-wc-product-filter%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Themify \u2013 WooCommerce Product Filter",
              "vendor": "themifyme",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arkadiusz Hydzik"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Themify \u2013 WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018conditions\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:49:31.088Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604"
            },
            {
              "url": "https://themify.org/changelogs/themify-wc-product-filter.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3104239%40themify-wc-product-filter%2Ftrunk\u0026old=3100861%40themify-wc-product-filter%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T20:56:18.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Themify - WooCommerce Product Filter \u003c= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6027",
        "datePublished": "2024-06-21T09:39:38.125Z",
        "dateReserved": "2024-06-14T21:22:44.185Z",
        "dateUpdated": "2026-04-08T16:49:31.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-44046 (GCVE-0-2024-44046)

    Vulnerability from cvelistv5 – Published: 2024-10-06 11:48 – Updated: 2026-04-28 16:10
    VLAI
    Title
    WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify – WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify – WooCommerce Product Filter: from n/a through <= 1.5.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:27
    Credits
    bugcraftx | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-44046",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T13:08:58.675008Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T13:09:16.754Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "themify-wc-product-filter",
              "product": "Themify \u2013 WooCommerce Product Filter",
              "vendor": "themifyme",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.5.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "bugcraftx | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:27:44.393Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in themifyme Themify \u2013 WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.\u003cp\u003eThis issue affects Themify \u2013 WooCommerce Product Filter: from n/a through \u003c= 1.5.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in themifyme Themify \u2013 WooCommerce Product Filter themify-wc-product-filter allows Stored XSS.This issue affects Themify \u2013 WooCommerce Product Filter: from n/a through \u003c= 1.5.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:10:16.990Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/themify-wc-product-filter/vulnerability/wordpress-themify-plugin-1-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Themify plugin \u003c= 1.5.1 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2024-44046",
        "datePublished": "2024-10-06T11:48:34.556Z",
        "dateReserved": "2024-08-18T21:58:39.892Z",
        "dateUpdated": "2026-04-28T16:10:16.990Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-6027 (GCVE-0-2024-6027)

    Vulnerability from cvelistv5 – Published: 2024-06-21 09:39 – Updated: 2026-04-08 16:49
    VLAI
    Title
    Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter
    Summary
    The Themify – WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the ‘conditions’ parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    themifyme Themify – WooCommerce Product Filter Affected: 0 , ≤ 1.4.9 (semver)
    Create a notification for this product.
    themify woocommerce_product_filter Affected: 0 , ≤ 1.4.9 (custom)
        cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Arkadiusz Hydzik
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:themify:woocommerce_product_filter:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "woocommerce_product_filter",
                "vendor": "themify",
                "versions": [
                  {
                    "lessThanOrEqual": "1.4.9",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-6027",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-24T17:54:46.770579Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-24T19:01:16.495Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.171Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://themify.org/changelogs/themify-wc-product-filter.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3104239%40themify-wc-product-filter%2Ftrunk\u0026old=3100861%40themify-wc-product-filter%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Themify \u2013 WooCommerce Product Filter",
              "vendor": "themifyme",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Arkadiusz Hydzik"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Themify \u2013 WooCommerce Product Filter plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018conditions\u2019 parameter in all versions up to, and including, 1.4.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.  This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:49:31.088Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/451db756-9d62-4c8e-b735-e5e5207b81e3?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/themify-wc-product-filter/trunk/public/class-wpf-public.php#L604"
            },
            {
              "url": "https://themify.org/changelogs/themify-wc-product-filter.txt"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3104239%40themify-wc-product-filter%2Ftrunk\u0026old=3100861%40themify-wc-product-filter%2Ftrunk\u0026sfp_email=\u0026sfph_mail=#file2"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-06-20T20:56:18.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Themify - WooCommerce Product Filter \u003c= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-6027",
        "datePublished": "2024-06-21T09:39:38.125Z",
        "dateReserved": "2024-06-14T21:22:44.185Z",
        "dateUpdated": "2026-04-08T16:49:31.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }