Critical severity9.8NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026
CVE-2018-8710
CVE-2018-8710
Description
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.2.0+ 1 more
- (no CPE)range: <2.2.0
- (no CPE)range: <2.2.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.