CVE-2026-39494

CVE Database · CVE-2026-39494

CVE-2026-39494

· CRITICALDeferred

CVSS v3.1

9.3

EPSS

0.39%

Published

Jun 11, 2026

Modified

Jun 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

Weaknesses (CWE)

CWE-89

References (1)

https://patchstack.com/database/wordpress/plugin/woo-product-filter/vulnerability/wordpress-product-filter-by-wbw-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve

KEV Catalog EPSS Scores Vendors All CVEs