CVE-2025-69378
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation via Incorrect Privilege Assignment in XforWooCommerce Filter

Vulnerability report for CVE-2025-69378, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-04-27

Assigner: Patchstack

Description

Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-04-27
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
patchstack product_filter_for_woocommerce to 9.1.2 (inc)
prdctfltr product_filter_for_woocommerce to 9.1.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

There is no specific information provided about commands or methods to detect this vulnerability on your network or system.

Executive Summary

CVE-2025-69378 is a medium priority privilege escalation vulnerability in the WordPress Product Filter for WooCommerce Plugin versions up to and including 9.1.2.

This vulnerability allows a malicious user with low-level privileges, such as a Shop Manager, to escalate their privileges to a higher level, potentially gaining full control over the affected website.

It is classified under OWASP Top 10 A7: Identification and Authentication Failures.

Impact Analysis

If exploited, this vulnerability can allow an attacker with limited access to escalate their privileges and gain full control over the affected WooCommerce website.

This could lead to unauthorized changes, data manipulation, or other malicious activities on the website.

Since no official patch is currently available, the risk remains until mitigations are applied.

Compliance Impact

I don't know

Mitigation Strategies

Since no official patch is currently available for this vulnerability, it is recommended to apply the mitigation rule issued by Patchstack immediately.

This mitigation rule can block attacks exploiting the privilege escalation vulnerability in the Product Filter for WooCommerce plugin versions up to 9.1.2.

Implementing this mitigation helps maintain website security by automatically blocking exploit attempts until an official patch is released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69378. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart