What is CVE-2025-8416?

CVE-2025-8416 is a high-severity vulnerability in Woobewoo Product Filter For Woocommerce By Wbw, classified under SQL Injection. CVSS score: 7.5/10. Published 2025-10-25.

How severe is CVE-2025-8416?

High severity. CVSS v3 base score is 7.5 out of 10.

SQL Injection in Woobewoo Product Filter For Woocommerce By Wbw

CVE-2025-8416

The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection via the 'filtersDataBackend' parameter in all versions up to, and including, 2.9.7. This is due to insufficient escaping on the user supplied parameter and lack…

Vulnerability class: SQL Injection

EPSS: 0.001 (31.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Woobewoo Product Filter For Woocommerce By Wbw — versions 0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

www.wordfence.com/threat-intel/vulnerabilities/id/d1533e9a-dcb9-4fbb-a1a7-7f4da…
plugins.trac.wordpress.org/browser/woo-product-filter/tags/2.8.6/modules/woofil…
plugins.trac.wordpress.org/browser/woo-product-filter/tags/2.8.6/modules/woofil…
plugins.trac.wordpress.org/changeset

Frequently asked questions

What is CVE-2025-8416?: CVE-2025-8416 is a high-severity vulnerability in Woobewoo Product Filter For Woocommerce By Wbw, classified under SQL Injection. CVSS score: 7.5/10. Published 2025-10-25.
How severe is CVE-2025-8416?: High severity. CVSS v3 base score is 7.5 out of 10.