Local File Inclusion Vulnerability in WooCommerce Products Filter Plugin by WordPress
CVE-2018-8711
9.8CRITICAL
What is CVE-2018-8711?
A local file inclusion vulnerability exists in the WooCommerce Products Filter (WOOF) plugin for WordPress prior to version 2.2.0. The issue arises from insufficient validation of user-supplied arguments in the render_html function, allowing attackers to manipulate the $pagepath variable through the shortcode parameter in a woof_redraw_woof action. This weakness could potentially be exploited to include arbitrary local files, leading to unauthorized access or code execution on the affected site.