CVE report

CVE-2026-3396high

WCAPF WooCommerce Ajax Product Filter - SQL Injection

Events 7d

99

Distinct IPs

9

Severity

high

CISA KEV

Not listed

Daily probe volume (last 7 days)

peak: 43
2026-05-15: 18 events05-152026-05-16: 4 events05-162026-05-17: 4 events05-172026-05-18: 8 events05-182026-05-19: 43 events05-192026-05-20: 18 events05-202026-05-21: 4 events05-21

Downloads & integrations

Top sources probing for CVE-2026-3396

URL patterns we match

An event counts toward CVE-2026-3396 if its URL path contains any of these substrings (case-insensitive).

  • /shop
  • /wp-content/plugins/wc-ajax-product-filter/readme.txt
  • /shop/?filter_post_author=1%27%20AND%20SLEEP(6)%20AND%20%271%27%3D%271