Unauthorized Filter Invocation Flaw in Active Products Tables for WooCommerce by WordPress
CVE-2025-1514

7.3HIGH

Key Information:

Vendor: WordPress
Status: Active Products Tables For WooCommerce. Use Constructor To Create Tables
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-1514?

The Active Products Tables for WooCommerce plugin for WordPress is susceptible to unauthenticated filter calls due to inadequate restrictions in the get_smth() function. This vulnerability exists in all versions up to 1.0.6.7, allowing attackers to exploit it by invoking arbitrary WordPress filters with only a single parameter, potentially leading to unauthorized actions within the application.

Affected Version(s)

Active Products Tables for WooCommerce. Use constructor to create tables * <= 1.0.6.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/profit-product...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Feb 20, 2025

Credit

Arkadiusz Hydzik