Product Filter Widget for Elementor Security & Risk Analysis

wordpress.org/plugins/product-filter-widget-for-elementor

Product Filter Widget for Elementor Lets you give functionality to filter your products.

1K active installs v1.0.6 PHP 7.4+ WP 5.0+ Updated Jan 16, 2026
elementor-filter-widgetproduct-filterproduct-filter-widgetwoocommerce-filterwoocommerce-product-filter
53
C · Use Caution
CVEs total2
Unpatched2
Last CVEJun 8, 2026
Download
Safety Verdict

Is Product Filter Widget for Elementor Safe to Use in 2026?

Use With Caution

Score 53/100

Product Filter Widget for Elementor has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs 2 unpatched Last CVE: Jun 8, 2026Updated 5mo ago
Risk Assessment

The 'product-filter-widget-for-elementor' plugin version 1.0.6 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by not utilizing dangerous functions, performing all SQL queries using prepared statements, and having a high rate of output escaping. It also has no recorded historical vulnerabilities, suggesting a generally stable and secure development history.

However, significant concerns arise from the attack surface. The plugin exposes four AJAX handlers, all of which lack authentication checks. This means any unauthenticated user can trigger these actions, presenting a substantial risk. While taint analysis showed no critical or high severity issues with unsanitized paths, the presence of two flows with unsanitized paths, even if not classified as critical in this analysis, warrants attention due to the lack of authentication on the related entry points.

Overall, the lack of authentication on AJAX handlers is the most pressing security weakness. The absence of known vulnerabilities is a strength, but it does not negate the inherent risks introduced by the exposed, unauthenticated entry points. Developers should prioritize implementing proper authentication and authorization for all AJAX handlers.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • No nonce checks on AJAX handlers
Vulnerabilities
2 published

Product Filter Widget for Elementor Security Vulnerabilities

CVEs by Year

2 CVEs in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2026-11603medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Filter Widget for Elementor <= 1.0.6 - Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter

Jun 8, 2026Unpatched
CVE-2026-45437high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product Filter Widget for Elementor <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting

Jun 1, 2026Unpatched
Version History

Product Filter Widget for Elementor Release Timeline

Code Analysis
Analyzed Mar 16, 2026

Product Filter Widget for Elementor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
40
244 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

86% escaped284 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
eszlwcf_filter_products (inc\controller\Eszpf_Ajax_Handler.php:166)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

Product Filter Widget for Elementor Attack Surface

Entry Points4
Unprotected4

AJAX Handlers 4

authwp_ajax_eszlwcf_filter_productsinc\controller\Eszpf_Ajax_Handler.php:176
noprivwp_ajax_eszlwcf_filter_productsinc\controller\Eszpf_Ajax_Handler.php:177
authwp_ajax_eszlwcf_load_more_productsinc\controller\Eszpf_Ajax_Handler.php:178
noprivwp_ajax_eszlwcf_load_more_productsinc\controller\Eszpf_Ajax_Handler.php:179
WordPress Hooks 9
actionadmin_menuinc\admin\Eszpf_Admin_Dashboard.php:6
actionadmin_noticesproduct-filter-widget-for-elementor.php:70
actionadmin_noticesproduct-filter-widget-for-elementor.php:74
actionadmin_noticesproduct-filter-widget-for-elementor.php:82
actionelementor/frontend/after_enqueue_stylesproduct-filter-widget-for-elementor.php:97
actionelementor/frontend/after_register_scriptsproduct-filter-widget-for-elementor.php:99
actionelementor/widgets/registerproduct-filter-widget-for-elementor.php:102
actionadmin_enqueue_scriptsproduct-filter-widget-for-elementor.php:104
actioninitproduct-filter-widget-for-elementor.php:245
Maintenance & Trust

Product Filter Widget for Elementor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 16, 2026
PHP min version7.4
Downloads15K

Community Trust

Rating80/100
Number of ratings4
Active installs1K
Developer Profile

Product Filter Widget for Elementor Developer Profile

Bhavin Thummar

2 plugins · 2K total installs

78
trust score
Avg Security Score
77/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Product Filter Widget for Elementor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/product-filter-widget-for-elementor/assets/library/slick.css/wp-content/plugins/product-filter-widget-for-elementor/assets/css/jquery-ui.css/wp-content/plugins/product-filter-widget-for-elementor/assets/css/app.css/wp-content/plugins/product-filter-widget-for-elementor/assets/library/slick.min.js/wp-content/plugins/product-filter-widget-for-elementor/assets/js/app.js/wp-content/plugins/product-filter-widget-for-elementor/assets/admin/js/admin.js
Script Paths
/wp-content/plugins/product-filter-widget-for-elementor/assets/library/slick.min.js/wp-content/plugins/product-filter-widget-for-elementor/assets/js/app.js
Version Parameters
product-filter-widget-for-elementor/assets/library/slick.css?ver=product-filter-widget-for-elementor/assets/css/jquery-ui.css?ver=product-filter-widget-for-elementor/assets/css/app.css?ver=product-filter-widget-for-elementor/assets/library/slick.min.js?ver=product-filter-widget-for-elementor/assets/js/app.js?ver=product-filter-widget-for-elementor/assets/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
eszpf-product-filtereszpf-product-filter-wrapeszpf-filter-widgeteszpf-filter-contenteszpf-widget-search-formeszpf-widget-attributeseszpf-widget-attribute-title
Data Attributes
data-eszpf-product-filter-id
JS Globals
EszLwcfAjaxData
FAQ

Frequently Asked Questions about Product Filter Widget for Elementor