CVE-2024-43121 – WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability
https://notcve.org/view.php?id=CVE-2024-43121
07 Aug 2024 — Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1. The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to missing option validation on the do_import_data() function in all versions up to, and including, 1.3.6.1. This makes it possible for authenticated attackers, with Shop Manager-level access and a... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-6-1-privilege-escalation-vulnerability?_s_id=cve • CWE-20: Improper Input Validation; CWE-269: Improper Privilege Management
CVE-2024-32680 – WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-32680
17 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.2. ... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'); CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2024-31359 – WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31359
08 Apr 2024 — Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce. This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2. The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function ... • https://patchstack.com/database/vulnerability/premmerce-woocommerce-product-filter/wordpress-premmerce-product-filter-for-woocommerce-plugin-3-7-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-30462 – WordPress HUSKY plugin <= 1.3.5.1 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-30462
28 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. The HUSKY – Products Filter for WooCommerce (formerly ... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-5-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-50861 – WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2023-50861
22 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF). This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plug... • https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-40334 – WordPress HUSKY – Products Filter for WooCommerce Professional plugin <= 1.3.4.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40334
23 Nov 2023 — Missing Authorization vulnerability in realmag777 HUSKY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HUSKY: from n/a through 1.3.4.2. The HUSKY – Products Filter for WooCommerce (formerly WOOF) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the woof_meta_get_keys() function in versions up to, and including, 1.3.4.2. This makes it possible for authenticated attackers, with contributor-level access and above,... • https://patchstack.com/database/wordpress/plugin/woocommerce-products-filter/vulnerability/wordpress-husky-products-filter-for-woocommerce-professional-plugin-1-3-4-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2018-8710 – WOOF - Products Filter for WooCommerce <= 1.1.9 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-8710
06 Mar 2018 — A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive. ... • https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html • CWE-94: Improper Control of Generation of Code ('Code Injection'); CWE-287: Improper Authentication
CVE-2018-8711 – WOOF - Products Filter for WooCommerce <= 1.1.9 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2018-8711
06 Mar 2018 — A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack. ... • https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html • CWE-20: Improper Input Validation; CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')