WordPress HUSKY – Products Filter Professional for WooCommerce plugin <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' vulnerability

Authenticated Subscriber+ Insecure Direct Object Reference via 'woofaddsubscr' vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin HUSKY versions = 1.3.7.3...

CVE-2025-52708 WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through = 1.3.7...

CVE-2025-52708 WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through = 1.3.7...

CVE-2025-26890 WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through = 1.3.6.4...

WordPress HUSKY plugin <= 1.3.6.5 - Unauthenticated Local File Inclusion vulnerability

Unauthenticated Local File Inclusion vulnerability discovered by Hiroho Shimada in WordPress Plugin HUSKY versions = 1.3.6.5...

CVE-2024-32680 WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Control of Generation of Code 'Code Injection' vulnerability in PluginUS HUSKY – Products Filter for WooCommerce formerly WOOF allows Using Malicious Files, Code Inclusion.This issue affects HUSKY – Products...

WordPress HUSKY Plugin <= 1.3.5.2 is vulnerable to Remote Code Execution (RCE)

Software HUSKY Type Plugin Vulnerable versions = 1.3.5.2 Fixed in 1.3.5.3 OWASP Top 10 A5: Security Misconfiguration Classification Remote Code Execution RCE CVE CVE-2024-32680 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 5338513548eb Credits Yudistira Arya Required...

WordPress HUSKY Plugin <= 1.3.4.2 is vulnerable to SQL Injection

Software HUSKY Type Plugin Vulnerable versions = 1.3.4.2 Fixed in 1.3.4.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-40010 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9191c9d76ec2 Credits Nguyen Anh Tien Required privilege Unauthenticated...