A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the "shortcode" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-14T19:00:00Z

Updated: 2024-09-16T16:27:32.479Z

Reserved: 2018-03-14T00:00:00Z

Link: CVE-2018-8710

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-14T19:29:00.720

Modified: 2024-11-21T04:14:10.840

Link: CVE-2018-8710

cve-icon Redhat

No data.