CVE-2024-3061 – The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is …

29 March 2024

Vuln ID: CVE-2024-3061

Published: 2024-03-29 10:15:09.403

Description: The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the ‘type’ parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Base Score: 7.2 – HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Source: NVD.NIST.GOV

Date:

29 March 2024

Categorie(s):

NVD

Tag(s):

NVD

Elastic VP Chris Townsend Says Data Transformation Critical to Improved Government Services29 April 2024
Study Reveals Alarming Levels of USPS Phishing Traffic29 April 2024
Experts weigh in on the MITRE nation-state cyberattack29 April 2024
New DHS AI safety, security board introduced29 April 2024
Web traffic of fake USPS sites similar to legitimate site29 April 2024