Shop Products Filter Security & Risk Analysis

wordpress.org/plugins/trusty-woo-products-filter

Filter all products of your WooCommerce shop. Filter by categories, tags, attributes, taxonomies, price slider, on sale, etc.

30 active installs · v1.2 · PHP 5.6+ · WP 4.8+ · Updated Apr 10, 2024
Tags: divi, elementor, products-filter, shop-filter, woocommerce-filter
Score: 68
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Apr 9, 2025
Safety Verdict

Is Shop Products Filter Safe to Use in 2026?

Use With Caution

Score 68/100

Shop Products Filter has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Apr 9, 2025 · Updated 1yr ago
Risk Assessment

The "trusty-woo-products-filter" v1.2 plugin exhibits a concerning security posture, despite some positive aspects. While it demonstrates good practice by using prepared statements for all SQL queries and has a reasonable percentage of properly escaped output, significant vulnerabilities are present. The plugin exposes a large attack surface with 4 out of 5 entry points lacking authentication checks. This is compounded by the existence of 3 flows with unsanitized paths, indicating potential for injection vulnerabilities, although no critical or high severity issues were found in the taint analysis for this version.

The historical vulnerability data is particularly alarming. A high severity "PHP Remote File Inclusion" vulnerability was recorded in 2025, and importantly, this vulnerability is currently unpatched. This suggests a pattern of introducing exploitable vulnerabilities and a lack of timely remediation, which is a critical security concern for any plugin.

Key Concerns

  • Unpatched high severity vulnerability
  • High number of unprotected AJAX handlers
  • Flows with unsanitized paths found
  • No nonce checks on AJAX handlers
  • Low capability check coverage
Vulnerabilities
1

Shop Products Filter Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

High: 1

1 total CVE

CVE-2025-32585 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Shop Products Filter <= 1.2 - Authenticated (Subscriber+) Local File Inclusion

Apr 9, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Shop Products Filter Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 195 (483 escaped)
  • Nonce Checks: 0
  • Capability Checks: 2
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

71% escaped · 678 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

6 flows · 3 with unsanitized paths
<twf_Attributes> (admin\filter-types\twf_Attributes.php:0)
Attack Surface
4 unprotected

Shop Products Filter Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_twf_get_filter_data · admin\functions.php:451
auth · wp_ajax_twf_get_filter_dynamic · admin\functions.php:452
auth · wp_ajax_twf_get_product_data · includes\functions.php:281
auth · wp_ajax_twf_get_product_data · includes\functions.php:282

Shortcodes 1

[trusty_woo_filter] includes\functions.php:16
WordPress Hooks 13
action · init · admin\functions.php:5
filter · twf_font_family · admin\functions.php:6
filter · the_posts · admin\functions.php:7
filter · twf_post_animations · admin\functions.php:8
action · add_meta_boxes · admin\functions.php:120
action · save_post · admin\functions.php:121
action · admin_enqueue_scripts · admin\functions.php:398
action · wp_enqueue_scripts · admin\functions.php:422
action · admin_enqueue_scripts · admin\functions.php:453
filter · wp_list_categories · includes\functions.php:3
action · woocommerce_product_query · includes\functions.php:17
filter · woocommerce_shortcode_products_query · includes\functions.php:18
action · plugins_loaded · trusty-woo-products-filter.php:27
Maintenance & Trust

Shop Products Filter Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Apr 10, 2024
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 30
Developer Profile

Shop Products Filter Developer Profile

Trusty Plugins

5 plugins · 11K total installs

Trust score: 94
Avg Security Score: 92/100
Avg Patch Time: 7 days
Detection Fingerprints

How We Detect Shop Products Filter

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/trusty-woo-products-filter/assets/css/jquery-ui.css
/wp-content/plugins/trusty-woo-products-filter/assets/js/script.js
/wp-content/plugins/trusty-woo-products-filter/assets/css/fontawesome/css/font-awesome.min.css
/wp-content/plugins/trusty-woo-products-filter/assets/css/filter/default.css
/wp-content/plugins/trusty-woo-products-filter/assets/css/filter/skin2.css
Script Paths
/wp-content/plugins/trusty-woo-products-filter/assets/js/script.js
Version Parameters
trusty-woo-products-filter/assets/css/jquery-ui.css?ver=
trusty-woo-products-filter/assets/js/script.js?ver=
trusty-woo-products-filter/assets/css/fontawesome/css/font-awesome.min.css?ver=
trusty-woo-products-filter/assets/css/filter/default.css?ver=
trusty-woo-products-filter/assets/css/filter/skin2.css?ver=

HTML / DOM Fingerprints

CSS Classes
manage-top-logo-helperlogo-helpermanage-top-dashgeneral-tabnew-tab
Data Attributes
twf_Options
JS Globals
TRUSTY_WOO_FILTER_URL
TRUSTY_WOO_FILTER_PLUGIN_VERSION
Shortcode Output
[trusty_woo_filter