Browse all 6 CVE security advisories affecting BeRocket. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
BeRocket develops WordPress plugins for e-commerce optimization, including filters, sliders, and search functionality. Historically, its products have frequently contained stored cross-site scripting (XSS) vulnerabilities, often due to insufficient input sanitization in administrative settings. Remote code execution risks have also been identified in several components, typically through unsafe file operations or improper capability checks. While no major public security incidents have been documented, the consistent pattern of vulnerabilities in BeRocket's extensions has led to multiple CVE assignments, highlighting ongoing security challenges in input validation and access control within their plugin ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1426 | Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility | Advanced AJAX Product Filters | CWE-502 | 8.8 | High | 2026-02-18 |
| CVE-2025-1505 | Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting | Advanced AJAX Product Filters | CWE-79 | 6.1 | Medium | 2025-02-28 |

This page lists every published CVE security advisory associated with BeRocket. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.