AI description
CVE-2025-1661 is a local file inclusion (LFI) vulnerability affecting the HUSKY – Products Filter Professional for WooCommerce plugin for WordPress, specifically versions up to and including 1.3.6.5. The vulnerability lies within the 'template' parameter of the `woof_text_search` AJAX action. This allows unauthenticated attackers to potentially include and execute arbitrary files on the server, which could enable them to execute PHP code within those files. Exploitation of this vulnerability could allow attackers to bypass access controls, access sensitive data, and potentially achieve remote code execution, particularly if the server allows uploads of image or other seemingly harmless file types that could contain embedded malicious code. As of March 11, 2025, there is no publicly available proof-of-concept exploit, nor is there evidence of active exploitation. However, technical details about the vulnerability are known.
- Description
- The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
A critical vulnerability exposes more than 100,000 sites using the WordPress plugin for WooCommerce ➡️ HUSKY – WooCommerce Products Filter Professional - WOOF ⚠️ CVE-2025-1661 allows LFI (Local File Inclusion) https://t.co/8n8PKVZqF0… https://t.co/VaoT5lv6fD
@doncaptador
12 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability exposes more than 100,000 sites using the WordPress plugin for WooCommerce ➡️ HUSKY – WooCommerce Products Filter Professional - WOOF ⚠️ CVE-2025-1661 allows LFI (Local File Inclusion) https://t.co/FPb57iq38p https://t.co/mz7LjVSHN0
@elhackernet
12 Mar 2025
11605 Impressions
66 Retweets
167 Likes
37 Bookmarks
1 Reply
3 Quotes
Follow @zoomeye_team & Get 7-Day Membership! 🚨ALERT: CVE-2025-1661 (CVSS 9.8)🚨 WooCommerce sites are UNDER ATTACK! Unauthenticated file inclusion vuln could let hackers run any file on your server. Think data theft, site defacement, or TOTAL TAKEOVER. ZoomEye… https://
@zoomeye_team
12 Mar 2025
1626 Impressions
7 Retweets
22 Likes
11 Bookmarks
1 Reply
1 Quote
#VulnAlert 🚨 CVE-2025-1661 (9.8) - Path Traversal in the HUSKY plugin for WordPress 🔥 Allows execution of arbitrary files on the server, including PHP. Dork: http.body:"plugins/woocommerce-products-filter" More information: https://t.co/xLv2YMAGL1
@Cyph3R_CyberSec
12 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover Learn about CVE-2025-1661, a critical vulnerability in the HUSKY plugin that puts over 100,000 WordPress stores at risk. https://t.co/JegZp2k9S5
@the_yellow_fall
12 Mar 2025
466 Impressions
3 Retweets
9 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-1661 ⚠️🔴 CRITICAL (9.8) 🏢 realmag777 - HUSKY – Products Filter Professional for WooCommerce 🏗️ * 🔗 https://t.co/sjnxOtwS25 🔗 https://t.co/QsRO24E2GS 🔗 https://t.co/pzWRAxkarG 🔗 https://t.co/VE7MdwTpBe #CyberCron #VulnAlert #InfoSec https://t.co/49EwXTwD4x
@cybercronai
11 Mar 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1661 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-11 04:15:24 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Ux4ycb0r3L
@vulns_space
11 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1661 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via th… https://t.co/I6QUs6LSR1
@CVEnew
11 Mar 2025
612 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1661: CRITICAL] Vulnerability in HUSKY - Products Filter Professional for WooCommerce WordPress plugin (up to v1.3.6.5) allows unauthenticated attackers to execute arbitrary files, potentially compromisi...#cybersecurity,#vulnerability https://t.co/p9nAC0W76x https://t.
@CveFindCom
11 Mar 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes