3 matches found
CVE-2024-1795
CVE-2024-1795 affects the HUSKY – Products Filter for WooCommerce Professional for WordPress. The WordPress plugin is vulnerable to an SQL injection via the 'name' parameter in the woof shortcode, in all versions up to and including 1.3.5.2. The issue arises from insufficient escaping of user-sup...
WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to SQL Injection
Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1795 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID afec36a17d5a Credits WordFence Required privilege Contributor Published 14...
CVE-2024-1998
CVE-2024-1998 is a reservation/duplicate of CVE-2024-1795 and should be treated as such; the active vulnerability is CVE-2024-1795 for HUSKY – Products Filter Professional for WooCommerce (WordPress). The issue is an authenticated SQL Injection via the name parameter in the woof shortcode in all ...