CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-8710

A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.299

EPSS Ranking 96.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html
https://wordpress.org/plugins/woocommerce-products-filter/#developers
https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/
https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html
https://wordpress.org/plugins/woocommerce-products-filter/#developers
https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/

Products affected by CVE-2018-8710

Woocommerce-Filter » Woocommerce Products Filter » Version: Any

cpe:2.3:a:woocommerce-filter:woocommerce_products_filter:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8710

Products

Pricing

Contact Us