CVE-2025-1514 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficie…
High CVSS: 7.3

CVE-2025-1514

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter.
Vendor
-
Product
-
CWE
CWE-20
Yayın Tarihi
2025-03-26 09:15:15
Güncelleme
2025-03-27 16:45:46
Source Identifier
security@wordfence.com
KEV Date Added
-

Kategoriler

CWE-20 HIGH 2025

Referanslar

https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve