CVE-2025-1514
Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Productos afectados
realmag777 · Active Products Tables for WooCommerce. Use constructor to create tables¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve