Blind SQL Injection in HUSKY Products Filter Professional for WooCommerce
CVE-2025-11735

7.5HIGH

Key Information:

Vendor: WordPress
Status: Husky – Products Filter Professional For WooCommerce
Vendor: CVE Published:; 28 October 2025

What is CVE-2025-11735?

The HUSKY Products Filter Professional for WooCommerce plugin has a vulnerability that allows for blind SQL injection through the phrase parameter. This issue arises in all versions up to and including 1.3.7.1 due to inadequate sanitization of user inputs and poor formulation of SQL queries. As a result, unauthenticated attackers can manipulate SQL queries, potentially leading to the exposure of sensitive database information.

Affected Version(s)

HUSKY – Products Filter Professional for WooCommerce * <= 1.3.7.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/woocommerce-pr...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2025
Vulnerability Reserved
Oct 14, 2025

Credit

LionTree

JSON

WordPress

What is CVE-2025-11735?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit