CVE report
CVE-2026-3396high
WCAPF WooCommerce Ajax Product Filter - SQL Injection
Events 7d
99
Distinct IPs
9
Severity
high
CISA KEV
Not listed
Daily probe volume (last 7 days)
peak: 43Downloads & integrations
Top sources probing for CVE-2026-3396
- 213.209.159.17530 eventsTaiwan路 Feo Prest SRL
- 130.12.180.11118 eventsUnited States路 Omegatech LTD
- 185.177.72.2415 eventsFrance路 Bucklog SARL
- 185.177.72.6915 eventsFrance路 Bucklog SARL
- 45.135.193.1578 eventsGermany路 Pfcloud UG (haftungsbeschrankt)
- 93.123.109.2145 eventsBulgaria路 Techoff Srv Limited
- 192.253.248.1694 eventsIran路 Limited Network LTD
- 52.51.123.952 eventsIreland
- 80.94.95.2112 eventsRomania路 SS-Net
URL patterns we match
An event counts toward CVE-2026-3396 if its URL path contains any of these substrings (case-insensitive).
- 路 /shop
- 路 /wp-content/plugins/wc-ajax-product-filter/readme.txt
- 路 /shop/?filter_post_author=1%27%20AND%20SLEEP(6)%20AND%20%271%27%3D%271