A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-14T19:00:00Z
Updated: 2024-09-16T16:27:32.479Z
Reserved: 2018-03-14T00:00:00Z
Link: CVE-2018-8710
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-03-14T19:29:00.720
Modified: 2024-11-21T04:14:10.840
Link: CVE-2018-8710
Redhat
No data.