CVE-2022-45813
Missing Authorization in BeRocket Advanced AJAX Product Filters

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Patchstack

Description
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3.

Meta Information

  • Published: 2026-06-11
  • Last Modified: 2026-06-11
  • Generated: 2026-06-11
  • AI Q&A: 2026-06-11
  • EPSS Evaluated: N/A

Affected Vendors & Products

| Vendor | Product | Version / Range |
|---|---|---|
| berocket | advanced_ajax_product_filters | From 1.0.0 (inc) to 1.6.3.3 (inc) |
| berocket | advanced_ajax_product_filters | 1.6.3.4 |

| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |

Executive Summary

CVE-2022-45813 is a Missing Authorization vulnerability in the WordPress Advanced AJAX Product Filters Plugin (version 1.6.3.3 and below). It is a Broken Access Control issue that allows unprivileged users, such as subscribers, to perform actions that normally require higher privileges. This happens because the plugin lacks proper authorization, authentication, or nonce token checks.

The vulnerability has a CVSS score of 5.4, indicating a moderate severity level, and is unlikely to be exploited in targeted attacks but could be used in mass-exploit campaigns.

Impact Analysis

This vulnerability can allow users with low privileges to perform actions that should be restricted to higher-privileged users. This could lead to unauthorized changes or access within the affected WordPress site using the Advanced AJAX Product Filters plugin.

Although the severity is considered low to moderate, exploitation could result in unauthorized modifications or disruptions in the site's filtering functionality, potentially affecting the user experience or site integrity.

Users are advised to update to version 1.6.3.4 or later to mitigate this risk.

Detection Guidance

This vulnerability involves missing authorization checks in the WordPress Advanced AJAX Product Filters plugin versions 1.6.3.3 and below, allowing unprivileged users to perform higher-privileged actions.

Detection can focus on identifying the plugin version installed on your WordPress site to confirm whether it is vulnerable.

  • Check the plugin version via the WordPress admin dashboard under Plugins.
  • Use the WP-CLI command to list plugin versions: `wp plugin list | grep advanced-ajax-product-filters`
  • Monitor for unusual AJAX requests or actions performed by low-privileged users that should require higher privileges.

Mitigation Strategies

The immediate mitigation step is to update the WordPress Advanced AJAX Product Filters plugin to version 1.6.3.4 or later, where this vulnerability is patched.

If updating immediately is not possible, restrict access to the plugin's AJAX endpoints to trusted users only or disable the plugin temporarily.

Consider enabling auto-updates for this plugin if you use Patchstack, or consult your hosting provider or developer for assistance.

Compliance Impact

The provided information does not specify how the Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters affects compliance with common standards and regulations such as GDPR or HIPAA.
