CVE-2025-1514
Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
realmag777 · Active Products Tables for WooCommerce. Use constructor to create tablesWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve