Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 23 known issues Latest disclosed Dec 17, 2025

HUSKY – Products Filter Professional for WooCommerce Vulnerabilities

Q: Which HUSKY – Products Filter Professional for WooCommerce CVEs are tracked?

HUSKY – Products Filter Professional for WooCommerce tracked CVEs include CVE-2024-32680, CVE-2025-1661, CVE-2024-6457, CVE-2023-40010, and CVE-2018-8711.

Q: How many HUSKY – Products Filter Professional for WooCommerce vulnerabilities have patch guidance?

23 of 23 tracked HUSKY – Products Filter Professional for WooCommerce records include a published patch path.

Review known vulnerability records for the WordPress plugin HUSKY – Products Filter Professional for WooCommerce (`woocommerce-products-filter`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-13110, CVE-2025-13109 and CVE-2025-11735, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Dec 18, 2025

Priority CVE Quick Links

Fast paths into HUSKY – Products Filter Professional for WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-32680 Critical 1.3.5.3

CVE-2024-32680 HUSKY – Products Filter Professional for WooCommerce Remote Code Execution

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution

CVE-2025-1661 Critical 1.3.6.6

CVE-2025-1661 HUSKY – Products Filter Professional for WooCommerce Local File Inclusion

HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion

CVE-2024-6457 Critical 1.3.6.1

CVE-2024-6457 HUSKY – Products Filter Professional for WooCommerce SQL Injection

HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection

CVE-2023-40010 Critical 1.3.4.3

CVE-2023-40010 HUSKY – Products Filter Professional for WooCommerce SQL Injection

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.2 - Unauthenticated SQL Injection via search terms

CVE-2018-8711 Critical 1.2.0

CVE-2018-8711 HUSKY – Products Filter Professional for WooCommerce Local File Inclusion

WOOF - Products Filter for WooCommerce <= 1.1.9 - Local File Inclusion

CVE-2018-8710 Critical 1.2.0

CVE-2018-8710 HUSKY – Products Filter Professional for WooCommerce Remote Code Execution

WOOF - Products Filter for WooCommerce <= 1.1.9 - Remote Code Execution

CVE-2025-52708 High 1.3.7.1

CVE-2025-52708 HUSKY – Products Filter Professional for WooCommerce Local File Inclusion

HUSKY <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion

CVE-2024-1795 High 1.3.5.3

CVE-2024-1795 HUSKY – Products Filter Professional for WooCommerce SQL Injection

HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for HUSKY – Products Filter Professional for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

23 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

6 critical and 7 high severity findings.

Recent CVEs

CVE-2025-13110, CVE-2025-13109 and CVE-2025-11735

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-13110 Medium Patch path listed

CVE-2025-13110: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_ad...

Published

Dec 17, 2025

Patch Status

1.3.7.4

Open CVE-2025-13110 Report

CVE-2025-13109 Medium Patch path listed

CVE-2025-13109: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_ad...

Published

Dec 03, 2025

Patch Status

1.3.7.3

Open CVE-2025-13109 Report

CVE-2025-11735 High Patch path listed

CVE-2025-11735: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 du...

Published

Oct 27, 2025

Patch Status

1.3.7.2

Open CVE-2025-11735 Report

Known Vulnerabilities

Reports for HUSKY – Products Filter Professional for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-13110

CVE-2025-13110: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possi...

Published

Dec 17, 2025

Patched Release

1.3.7.4

Affected Versions

Versions up to 1.3.7.3

Next Step

Update to 1.3.7.4 or newer if supported.

Open CVE-2025-13110 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-13109

CVE-2025-13109: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled...

Published

Dec 03, 2025

Patched Release

1.3.7.3

Affected Versions

Versions up to 1.3.7.2

Next Step

Update to 1.3.7.3 or newer if supported.

Open CVE-2025-13109 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-11735

CVE-2025-11735: HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.1 - Unauthenticated SQL Injection via `phrase` Parameter

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to blind SQL Injection via the `phrase` parameter in all versions up to, and including, 1.3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

Published

Oct 27, 2025

Patched Release

1.3.7.2

Affected Versions

Versions up to 1.3.7.1

Next Step

Update to 1.3.7.2 or newer if supported.

Open CVE-2025-11735 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-52708

CVE-2025-52708: HUSKY <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion

The HUSKY plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution...

Published

Jun 19, 2025

Patched Release

1.3.7.1

Affected Versions

Versions up to 1.3.7

Next Step

Update to 1.3.7.1 or newer if supported.

Open CVE-2025-52708 Report Open CVE Reference

Plugin High Patched: Yes CVE-2025-26890

CVE-2025-26890: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.4 - Unauthenticated Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute ar...

Published

Mar 14, 2025

Patched Release

1.3.6.5

Affected Versions

Versions up to 1.3.6.4

Next Step

Update to 1.3.6.5 or newer if supported.

Open CVE-2025-26890 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2025-1661

CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.6.5 via the 'template' parameter of the woof_text_search AJAX action. This makes it possible for unauthenticated attackers...

Published

Mar 10, 2025

Patched Release

1.3.6.6

Affected Versions

Versions up to 1.3.6.5

Next Step

Update to 1.3.6.6 or newer if supported.

Open CVE-2025-1661 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-11400

CVE-2024-11400: HUSKY – Products Filter for WooCommerce <= 1.3.6.3 - Reflected Cross-Site Scripting via really_curr_tax Parameter

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it...

Published

Nov 19, 2024

Patched Release

1.3.6.4

Affected Versions

Versions up to 1.3.6.3

Next Step

Update to 1.3.6.4 or newer if supported.

Open CVE-2024-11400 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-7491

CVE-2024-7491: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled ke...

Published

Sep 24, 2024

Patched Release

1.3.6.2

Affected Versions

Versions up to 1.3.6.1

Next Step

Update to 1.3.6.2 or newer if supported.

Open CVE-2024-7491 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-43121

CVE-2024-43121: HUSKY <= 1.3.6.1 - Authenticated (Shop Manager+) Arbitrary Options Update

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to missing option validation on the do_import_data() function in all versions up to, and including, 1.3.6.1....

Published

Aug 07, 2024

Patched Release

1.3.6.2

Affected Versions

Versions up to 1.3.6.1

Next Step

Update to 1.3.6.2 or newer if supported.

Open CVE-2024-43121 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-6457

CVE-2024-6457: HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ‘woof_author’ parameter in all versions up to, and including, 1.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient p...

Published

Jul 15, 2024

Patched Release

1.3.6.1

Affected Versions

Versions up to 1.3.6

Next Step

Update to 1.3.6.1 or newer if supported.

Open CVE-2024-6457 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5039

CVE-2024-5039: HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.5.3 due to insufficient input sanitization and output escaping on user supplied attri...

Published

May 28, 2024

Patched Release

1.3.6

Affected Versions

Versions up to 1.3.5.3

Next Step

Update to 1.3.6 or newer if supported.

Open CVE-2024-5039 Report Open CVE Reference

Plugin Critical Patched: Yes CVE-2024-32680

CVE-2024-32680: HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.5.2 - Authenticated (Subscriber+) Remote Code Execution

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute code on the s...

Published

Apr 17, 2024

Patched Release

1.3.5.3

Affected Versions

Versions up to 1.3.5.2

Next Step

Update to 1.3.5.3 or newer if supported.

Open CVE-2024-32680 Report Open CVE Reference