CVE-2025-69378
Awaiting Analysis
Privilege Escalation via Incorrect Privilege Assignment in XforWooCommerce Filter

Publication date: 2026-02-20

Last updated on: 2026-04-27

Assigner: Patchstack

Description
Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce (prdctfltr) allows Privilege Escalation. This issue affects Product Filter for WooCommerce: from n/a through <= 9.1.2.
Meta Information
Published: 2026-02-20
Last Modified: 2026-04-27
Generated: 2026-06-16
AI Q&A: 2026-02-20
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 2 associated CPEs
Vendor      Product                         Version / Range
patchstack  product_filter_for_woocommerce  to 9.1.2 (inc)
prdctfltr   product_filter_for_woocommerce  to 9.1.2 (inc)
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Detection Guidance

There is no specific information provided about commands or methods to detect this vulnerability on your network or system.

Executive Summary

CVE-2025-69378 is a medium priority privilege escalation vulnerability in the WordPress Product Filter for WooCommerce Plugin versions up to and including 9.1.2.

This vulnerability allows a malicious user with low-level privileges, such as a Shop Manager, to escalate their privileges to a higher level, potentially gaining full control over the affected website.

It is classified under OWASP Top 10 A7: Identification and Authentication Failures.

Impact Analysis

If exploited, this vulnerability can allow an attacker with limited access to escalate their privileges and gain full control over the affected WooCommerce website.

This could lead to unauthorized changes, data manipulation, or other malicious activities on the website.

Since no official patch is currently available, the risk remains until mitigations are applied.

Mitigation Strategies

Since no official patch is currently available for this vulnerability, it is recommended to apply the mitigation rule issued by Patchstack immediately.

This mitigation rule can block attacks exploiting the privilege escalation vulnerability in the Product Filter for WooCommerce plugin versions up to 9.1.2.

Implementing this mitigation helps maintain website security by automatically blocking exploit attempts until an official patch is released.
