AI description
CVE-2025-1661 is a local file inclusion (LFI) vulnerability affecting the HUSKY – Products Filter Professional for WooCommerce plugin for WordPress, specifically versions up to and including 1.3.6.5. The vulnerability lies within the 'template' parameter of the `woof_text_search` AJAX action. This allows unauthenticated attackers to potentially include and execute arbitrary files on the server, which could enable them to execute PHP code within those files. Exploitation of this vulnerability could allow attackers to bypass access controls, access sensitive data, and potentially achieve remote code execution, particularly if the server allows uploads of image or other seemingly harmless file types that could contain embedded malicious code. As of March 11, 2025, there is no publicly available proof-of-concept exploit, nor is there evidence of active exploitation. However, technical details about the vulnerability are known.
- Description: The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
A critical vulnerability exposes more than 100,000 sites with the WordPress plugin for WooCommerce ➡️ HUSKY – WooCommerce Products Filter Professional - WOOF ⚠️ CVE-2025-1661 allows LFI (Local File Inclusion) https://t.co/8n8PKVZqF0… https://t.co/VaoT5lv6fD
@doncaptador
12 Mar 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability exposes more than 100,000 sites with the WordPress plugin for WooCommerce ➡️ HUSKY – WooCommerce Products Filter Professional - WOOF ⚠️ CVE-2025-1661 allows LFI (Local File Inclusion) https://t.co/FPb57iq38p https://t.co/mz7LjVSHN0
@elhackernet
12 Mar 2025
10484 Impressions
59 Retweets
155 Likes
37 Bookmarks
1 Reply
3 Quotes
#VulnAlert 🚨 CVE-2025-1661 (9.8) - Path Traversal in the HUSKY plugin for WordPress 🔥 Allows executing arbitrary files on the server, including PHP. Dork: http.body:"plugins/woocommerce-products-filter" More information: https://t.co/xLv2YMAGL1
@Cyph3R_CyberSec
12 Mar 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Flaw Exposes 100,000+ WooCommerce Sites: Unauthenticated File Inclusion Threatens Total Takeover Learn about CVE-2025-1661, a critical vulnerability in the HUSKY plugin that puts over 100,000 WordPress stores at risk. https://t.co/JegZp2k9S5
@the_yellow_fall
12 Mar 2025
466 Impressions
3 Retweets
9 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE-2025-1661 ⚠️🔴 CRITICAL (9.8) 🏢 realmag777 - HUSKY – Products Filter Professional for WooCommerce 🏗️ * 🔗 https://t.co/sjnxOtwS25 🔗 https://t.co/QsRO24E2GS 🔗 https://t.co/pzWRAxkarG 🔗 https://t.co/VE7MdwTpBe #CyberCron #VulnAlert #InfoSec https://t.co/49EwXTwD4x
@cybercronai
11 Mar 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1661 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-11 04:15:24 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Ux4ycb0r3L
@vulns_space
11 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1661 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via th… https://t.co/I6QUs6LSR1
@CVEnew
11 Mar 2025
612 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1661: CRITICAL] Vulnerability in HUSKY - Products Filter Professional for WooCommerce WordPress plugin (up to v1.3.6.5) allows unauthenticated attackers to execute arbitrary files, potentially compromisi...#cybersecurity,#vulnerability https://t.co/p9nAC0W76x https://t.
@CveFindCom
11 Mar 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes