First published: Wed Mar 14 2018
A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page-redraw AJAX function that anyone could call without authentication, and WordPress shortcode markup supplied in the "shortcode" parameters would be evaluated. Normally, unauthenticated users cannot evaluate shortcodes, because shortcodes are often sensitive.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HUSKY – Products Filter for WooCommerce | <2.2.0 | |
CVE-2018-8710 has been assigned a high severity rating due to its potential for remote code execution.
To fix CVE-2018-8710, update the WooCommerce Products Filter plugin to version 2.2.0 or later.
CVE-2018-8710 affects WooCommerce Products Filter versions prior to 2.2.0 installed on WordPress sites.
Yes, CVE-2018-8710 can be exploited remotely due to its AJAX functionality that does not require authentication.
The potential impacts of CVE-2018-8710 include unauthorized remote code execution, which can lead to site compromise.
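
A log-triage check for the request described above, added here as an example (not code from the plugin or the advisory): it scans Combined Log Format lines for `admin-ajax.php` requests whose query string carries `action=woof_redraw_woof` and a `shortcode` parameter. The log format, the function name `find_woof_redraw_hits` and the sample lines are assumptions; parameters sent in a POST body do not appear in access logs and need request-body logging to be seen.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
AJAX_PATH = "/wp-admin/admin-ajax.php"  # endswith() also covers subdirectory installs
ACTION = "woof_redraw_woof"             # AJAX action named in the advisory


def find_woof_redraw_hits(lines):
    """Return one dict per logged request that calls ACTION with a shortcode parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        if not url.path.endswith(AJAX_PATH):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in params.get("action", []):
            continue
        if "shortcode" not in params:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            "shortcode": params["shortcode"][0],  # already URL-decoded by parse_qs
        })
    return hits


# Constructed sample lines: documentation IP ranges and a placeholder shortcode value.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Mar/2018:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=woof_redraw_woof&shortcode=%5Bplaceholder_shortcode%5D HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '198.51.100.4 - - [14/Mar/2018:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Mar/2018:10:01:09 +0000] "GET /shop/?shortcode=x HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [14/Mar/2018:10:02:11 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_woof_redraw_hits(SAMPLE_LOG):
        print(hit)
```

On sites that ran a version before 2.2.0, hits are candidates for review rather than confirmed abuse; check the decoded `shortcode` value and the source address.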