Woocommerce Products Filter
by WordPress
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-8711 | Cri | 0.64 | 9.8 | 0.02 | Mar 14, 2018 | A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html… | ||
| CVE-2018-8710 | Cri | 0.64 | 9.8 | 0.04 | Mar 14, 2018 | A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without… | ||
| CVE-2025-11735 | Hig | 0.49 | 7.5 | 0.00 | Oct 28, 2025 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient… | ||
| CVE-2025-52708 | Hig | 0.49 | 7.5 | 0.00 | Jun 20, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.7. | ||
| CVE-2025-26890 | Hig | 0.49 | 7.5 | 0.01 | Mar 27, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.6.4. | ||
| CVE-2020-37174 | Med | 0.36 | 5.5 | 0.00 | May 13, 2026 | WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text… | ||
| CVE-2024-30462 | Med | 0.28 | 4.3 | 0.00 | Mar 29, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1. | ||
| CVE-2023-50861 | Med | 0.28 | 4.3 | 0.00 | Mar 15, 2024 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3. | ||
| CVE-2025-13110 | Med | 0.21 | 4.3 | 0.00 | Dec 18, 2025 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it… | ||
| CVE-2025-13109 | Med | 0.21 | 4.3 | 0.00 | Dec 3, 2025 | The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user… | ||
| CVE-2023-0492 | 0.00 | — | 0.00 | Feb 21, 2023 | The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform… | |||
| CVE-2022-1546 | 0.00 | — | 0.01 | Jul 11, 2022 | The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting |
- risk 0.64cvss 9.8epss 0.02
A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html…
- risk 0.64cvss 9.8epss 0.04
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without…
- risk 0.49cvss 7.5epss 0.00
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient…
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.7.
- risk 0.49cvss 7.5epss 0.01
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.6.4.
- risk 0.36cvss 5.5epss 0.00
WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text…
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.5.1.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 HUSKY – Products Filter for WooCommerce (formerly WOOF).This issue affects HUSKY – Products Filter for WooCommerce (formerly WOOF): from n/a through 1.3.4.3.
- risk 0.21cvss 4.3epss 0.00
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it…
- risk 0.21cvss 4.3epss 0.00
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user…
- CVE-2023-0492Feb 21, 2023risk 0.00cvss —epss 0.00
The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform…
- CVE-2022-1546Jul 11, 2022risk 0.00cvss —epss 0.01
The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting