HUSKY – Products Filter Professional for WooCommerce

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to insert or remove arbitrary saved search queries into any user's profile, including administrators.

Basic Information

ID CVE-2025-13109

Source Wordfence

Published Dec 3, 2025 at 12:29

Modified Dec 3, 2025 at 13:56

Affected Product

Vendor realmag777

Product HUSKY – Products Filter Professional for WooCommerce

Version *

Affected Versions realmag777 HUSKY – Products Filter Professional for WooCommerce *

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the \"woof_add_query\" and \"woof_remove_query\" functions due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to insert or remove arbitrary saved search queries into any user's profile, including administrators.",
    "published": "2025-12-03T12:29:56.230Z",
    "modified": "2025-12-03T13:56:18.714Z",
    "type": "cve",
    "title": "HUSKY \u2013 Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9effc186-c225-4b3b-9b8c-c453505a41de?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3400527",
    "id": "CVE-2025-13109",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "realmag777 HUSKY \u2013 Products Filter Professional for WooCommerce *",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HUSKY \u2013 Products Filter Professional for WooCommerce",
    "version": "*",
    "vendor": "realmag777",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'_CVE-2025-13109