WP-Safety

Filter Plus – Product Filter & WordPress Filter Security & Risk Analysis

wordpress.org/plugins/filter-plus

Filter Plus is WordPress and WooCommerce Product Filter plugin that enable filter anything in your website.

100 active installs v1.1.17 PHP 7.4+ WP + Updated Feb 20, 2026
blog-filterpost-filterproduct-filterwoocommerce-filterwoocommerce-product-filter
76
B · Generally Safe
CVEs total2
Unpatched1
Last CVEFeb 5, 2026
Plugin page Download
Safety Verdict

Is Filter Plus – Product Filter & WordPress Filter Safe to Use in 2026?

Mostly Safe

Score 76/100

Filter Plus – Product Filter & WordPress Filter is generally safe to use. 2 past CVEs were resolved.

2 known CVEs 1 unpatched Last CVE: Feb 5, 2026Updated 2mo ago
Risk Assessment

The "filter-plus" v1.1.17 plugin exhibits a generally strong security posture based on the static analysis. The absence of entry points like AJAX handlers, REST API routes, shortcodes, and cron events significantly reduces the attack surface. Furthermore, the code demonstrates good practices with 100% of SQL queries using prepared statements and a very high percentage (98%) of output properly escaped. The presence of nonce and capability checks further bolsters its defenses. However, a past medium severity vulnerability related to missing authorization, even though currently patched, is a notable concern. This historical pattern suggests a potential area where authorization checks might be overlooked during development, requiring continued vigilance. While the current version appears to be well-secured, the single historical medium vulnerability warrants a slightly cautious approach, indicating that while current practices are good, past issues have existed.

Key Concerns

  • Past medium severity vulnerability (Missing Auth)
  • Bundled library (Select2) could be outdated
Vulnerabilities
2 published

Filter Plus – Product Filter & WordPress Filter Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2026-39607medium · 4.3Missing Authorization

Filter Plus <= 1.1.17 - Missing Authorization

Feb 5, 2026Unpatched
CVE-2025-13314medium · 5.3Missing Authorization

Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.6 - Missing Authorization to Unauthenticated Plugin Settings Modification

Dec 11, 2025 Patched in 1.1.7 (1d)
Version History

Filter Plus – Product Filter & WordPress Filter Release Timeline

v1.1.17Current1 CVE
CVE-2026-39607
v1.1.161 CVE
CVE-2026-39607
v1.1.151 CVE
CVE-2026-39607
v1.1.141 CVE
CVE-2026-39607
v1.1.131 CVE
CVE-2026-39607
v1.1.121 CVE
CVE-2026-39607
v1.1.111 CVE
CVE-2026-39607
v1.1.101 CVE
CVE-2026-39607
v1.1.91 CVE
CVE-2026-39607
v1.1.81 CVE
CVE-2026-39607
v1.1.71 CVE
CVE-2026-39607
v1.1.62 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.52 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.42 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.32 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.22 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.12 CVEs
CVE-2026-39607 CVE-2025-13314
v1.1.02 CVEs
CVE-2026-39607 CVE-2025-13314
v1.0.992 CVEs
CVE-2026-39607 CVE-2025-13314
v1.0.982 CVEs
CVE-2026-39607 CVE-2025-13314
Code Analysis
Analyzed Mar 16, 2026

Filter Plus – Product Filter & WordPress Filter Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
19
826 escaped
Nonce Checks
2
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

100% prepared2 total queries

Output Escaping

98% escaped845 total outputs
Attack Surface

Filter Plus – Product Filter & WordPress Filter Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 14
actionadmin_enqueue_scriptsbase\enqueue.php:22
actionwp_enqueue_scriptsbase\enqueue.php:24
actionadmin_menucore\admin\menus.php:26
filterwoocommerce_get_price_suffixcore\compatibility\hooks.php:20
actionelementor/frontend/before_enqueue_scriptscore\core.php:44
actioninitcore\widgets\bricks\manifest.php:24
actionelementor/elements/categories_registeredcore\widgets\elementor\manifest.php:16
actionelementor/widgets/registercore\widgets\elementor\manifest.php:17
actioninitcore\widgets\gutenburg-block\blocks\woo-filter.php:176
actioninitcore\widgets\gutenburg-block\blocks\wp-filter.php:15
filterblock_categories_allcore\widgets\gutenburg-block\init.php:64
filterblock_categoriescore\widgets\gutenburg-block\init.php:66
actioninitcore\widgets\gutenburg-block\init.php:70
actionplugins_loadedfilter-plus.php:69
Maintenance & Trust

Filter Plus – Product Filter & WordPress Filter Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 20, 2026
PHP min version7.4
Downloads14K

Community Trust

Rating70/100
Number of ratings4
Active installs100
Alternatives

Filter Plus – Product Filter & WordPress Filter Alternatives

Filter Everything&nbsp;— WordPress & WooCommerce Filters

Filter Everything&nbsp;— WordPress & WooCommerce Filters

filter-everything

A
100

The most flexible filters plugin for WordPress & WooCommerce – filter anything.

50K No CVEs
Filter Everything Extra

Filter Everything Extra

filter-everything-extra

A
92

Additional functionality for the Filter Everything plugin.

0 No CVEs
YITH WooCommerce Ajax Product Filter

YITH WooCommerce Ajax Product Filter

yith-woocommerce-ajax-navigation

A
97

YITH WooCommerce Ajax Product Filter offers you the perfect way to filter all products of your WooCommerce shop.

80K 3 CVEs
Product Filter for WooCommerce by WBW

Product Filter for WooCommerce by WBW

woo-product-filter

A
88

Filter products by categories, attributes, prices, and more. Elementor Compatibility. Shoppers easily find products with WooCommerce Product Filter

60K 9 CVEs
WCAPF – Ajax Product Filter for WooCommerce

WCAPF – Ajax Product Filter for WooCommerce

wc-ajax-product-filter

A
97

Filter WooCommerce products by category, tag, attribute, price, rating, author, meta fields, and keyword using AJAX.

9K 1 CVE
Developer Profile

Filter Plus – Product Filter & WordPress Filter Developer Profile

Wpbens

5 plugins · 150 total installs

97
trust score
Avg Security Score
95/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect Filter Plus – Product Filter & WordPress Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/filter-plus/assets/js/filter-plus-select2.js/wp-content/plugins/filter-plus/assets/js/admin.js/wp-content/plugins/filter-plus/assets/css/admin.css/wp-content/plugins/filter-plus/assets/css/select2.css/wp-content/plugins/filter-plus/assets/js/search-filter.js/wp-content/plugins/filter-plus/assets/js/filter-option.js/wp-content/plugins/filter-plus/assets/js/filter-swiper-bundle.min.js
Script Paths
/wp-content/plugins/filter-plus/assets/js/filter-plus-select2.js/wp-content/plugins/filter-plus/assets/js/admin.js/wp-content/plugins/filter-plus/assets/js/search-filter.js/wp-content/plugins/filter-plus/assets/js/filter-option.js/wp-content/plugins/filter-plus/assets/js/filter-swiper-bundle.min.js
Version Parameters
filter-plus/style.css?ver=filter-plus/admin.css?ver=filter-plus/select2.css?ver=filter-plus/filter-plus-select2.js?ver=filter-plus/admin.js?ver=filter-plus/search-filter.js?ver=filter-plus/filter-option.js?ver=filter-plus/filter-swiper-bundle.min.js?ver=

HTML / DOM Fingerprints

JS Globals
filter_admin
FAQ

Frequently Asked Questions about Filter Plus – Product Filter & WordPress Filter