Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2018-8710
HistoryOct 03, 2022 - 4:21 p.m.

CVE-2018-8710

2022-10-0316:21:53
mitre
www.cve.org
cve-2018-8710
wordpress
remote code execution
woocommerce products filter
shortcode
ajax
authentication

9.9 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the “shortcode” parameters would be evaluated. Normally unauthenticated users can’t evaluate shortcodes as they are often sensitive.

Related

prion 1
cve 1
nvd 1
openvas 1
wpvulndb 1
prion
prion
Remote code execution
2018-03-14 19:29:00
cve
cve
CVE-2018-8710
2022-10-03 16:21:53
nvd
nvd
CVE-2018-8710
2018-03-14 19:29:00
openvas
openvas
WordPress WOOF - Products Filter for WooCommerce Plugin < 1.2.2.0 Multiple Vulnerabilities
2018-11-13 00:00:00
wpvulndb
wpvulndb
WooCommerce Products Filter <= 1.1.9 - Multiple Issues
2018-03-14 00:00:00

9.9 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON
Related for CVELIST:CVE-2018-8710
prion1cve1nvd1openvas1wpvulndb1