{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69378", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:05.452Z", "datePublished": "2026-02-20T15:46:53.046Z", "dateUpdated": "2026-04-28T16:14:39.701Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "prdctfltr", "product": "Product Filter for WooCommerce", "vendor": "XforWooCommerce", "versions": [{"lessThanOrEqual": "9.1.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:20:40.663Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.<p>This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.701Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/prdctfltr/vulnerability/wordpress-product-filter-for-woocommerce-plugin-9-1-2-privilege-escalation-vulnerability?_s_id=cve"}], "title": "WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T18:52:30.813342Z", "id": "CVE-2025-69378", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:52:37.832Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69378", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-27T18:52:30.813342Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T17:52:29.386Z"}}], "cna": {"title": "WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "XforWooCommerce", "product": "Product Filter for WooCommerce", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.1.2"}], "packageName": "prdctfltr", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:20:40.663Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/prdctfltr/vulnerability/wordpress-product-filter-for-woocommerce-plugin-9-1-2-privilege-escalation-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.", "supportingMedia": [{"type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.<p>This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:01.558Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69378", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:52:37.832Z", "dateReserved": "2025-12-31T20:13:05.452Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:53.046Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2."}, {"lang": "es", "value": "Vulnerabilidad de Asignaci\u00f3n Incorrecta de Privilegios en XforWooCommerce Product Filter para WooCommerce prdctfltr permite la escalada de privilegios. Este problema afecta a Product Filter para WooCommerce: desde n/a hasta &lt;= 9.1.2."}], "id": "CVE-2025-69378", "lastModified": "2026-04-27T19:16:43.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-02-20T16:22:22.297", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/prdctfltr/vulnerability/wordpress-product-filter-for-woocommerce-plugin-9-1-2-privilege-escalation-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,9.1.2]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "product_filter_for_woocommerce", "vendor": "xforwoocommerce"}], "analysis": {"en": {"generated_at": "2026-04-28T17:38:09.605194+00:00", "value": {"mitigation_remediation": ["Upgrade the Product Filter for WooCommerce plugin to a version newer than 9.1.2.", "If an upgrade cannot be performed immediately, remove the capabilities that grant plugin control from non\u2011administrator roles, ensuring that only administrators can modify plugin settings. ", "Disable or delete the Product Filter for WooCommerce plugin entirely to eliminate the vulnerability."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via incorrect privilege assignment"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the XforWooCommerce Product Filter for WooCommerce plugin, specifically versions up to and including 9.1.2. All earlier releases are also affected, as the issue is present from the initial version through 9.1.2.", "description_and_impact": "The vulnerability in the XforWooCommerce Product Filter for WooCommerce plugin allows an attacker to improperly elevate privileges. The flaw stems from incorrect privilege assignment, enabling a lower\u2011privileged user to obtain higher level rights within the WordPress site. This is a classic example of CWE-266: Incorrect Privilege Assignment. Any escalation grants the attacker full control over the plugin and, potentially, deeper access to the WordPress backend, compromising confidentiality, integrity, and availability of site data.", "risk_and_exploitability": "The CVSS score is 7.2, indicating a high severity. The EPSS score is less than 1%, suggesting that the probability of exploitation is low at present. It is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is likely authenticated; a user with a normal WordPress role could trigger the flaw and raise their own privileges. The affected code path allows the attacker to gain capabilities beyond their current role, enabling further exploitation of the site."}}}}, "created": "2026-02-23T14:37:15.730100+00:00", "updated": "2026-04-28T17:45:16.130336+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "xforwoocommerce", "xforwoocommerce$PRODUCT$product_filter_for_woocommerce"]}