PatchSiren cyber security CVE debrief
CVE-2026-45437 Bhavin Thummar CVE debrief
CVE-2026-45437 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in Product Filter Widget for Elementor <= 1.0.6 versions. The vulnerability has a CVSS score of 7.1 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45437).
- Vendor
- Bhavin Thummar
- Product
- Product Filter Widget for Elementor
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Product Filter Widget for Elementor plugin versions <= 1.0.6 should apply patches or mitigations as available.
Technical summary
The vulnerability is an Unauthenticated Cross Site Scripting (XSS) issue in the Product Filter Widget for Elementor plugin. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates for Product Filter Widget for Elementor plugin to version > 1.0.6.
- Review and restrict user input to prevent XSS attacks.
Evidence notes
Evidence from Patchstack indicates the vulnerability exists in Product Filter Widget for Elementor plugin versions <= 1.0.6.
Official resources
-
CVE-2026-45437 CVE record
CVE.org
-
CVE-2026-45437 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-45437 was published on 2026-06-15T21:17:03.510Z and modified on 2026-06-15T21:24:32.790Z.