Arbitrary File Inclusion Vulnerability in HUSKY Products Filter Professional for WooCommerce Plugin
CVE-2024-3061

7.2HIGH

Key Information:

Vendor: Wordpress
Status: Husky – Products Filter Professional For WooCommerce
Vendor: CVE Published:; 29 March 2024

Summary

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is exposed to a Local File Inclusion vulnerability due to improper validation of the 'type' parameter. This vulnerability affects all versions up to and including 1.3.5.2, granting authenticated users with administrator-level access the ability to include and execute arbitrary files on the server. Exploitation of this vulnerability can lead to unauthorized access to sensitive data, exploitation of access controls, and the execution of malicious PHP code from uploaded files. Such risks underscore the need for immediate patching and careful management of permissions within WordPress installations utilizing this plugin.

Affected Version(s)

HUSKY – Products Filter Professional for WooCommerce * <= 1.3.5.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2024
Vulnerability Reserved
Mar 28, 2024

Credit

Hai