HUSKY – Products Filter Professional for WooCommerce

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the "woof_add_subscr" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to create product messenger subscriptions on behalf of arbitrary users, including administrators.

Basic Information

ID CVE-2025-13110

Source Wordfence

Published Dec 18, 2025 at 12:22

Affected Product

Vendor realmag777

Product HUSKY – Products Filter Professional for WooCommerce

Version *

Affected Versions realmag777 HUSKY – Products Filter Professional for WooCommerce *

CWE Classification

CWE-639

References

{
    "lastseen": "",
    "description": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.3 via the \"woof_add_subscr\" function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber level access and above, to create product messenger subscriptions on behalf of arbitrary users, including administrators.",
    "published": "2025-12-18T12:22:27.500Z",
    "modified": "2025-12-18T12:22:27.500Z",
    "type": "cve",
    "title": "HUSKY \u2013 Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9ea2dfc5-0dcc-4ea1-9ade-d59021e078fa?source=cve\nhttps://plugins.trac.wordpress.org/changeset/3412492/woocommerce-products-filter\nhttps://plugins.trac.wordpress.org/changeset/3415428/woocommerce-products-filter",
    "id": "CVE-2025-13110",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "realmag777 HUSKY \u2013 Products Filter Professional for WooCommerce *",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HUSKY \u2013 Products Filter Professional for WooCommerce",
    "version": "*",
    "vendor": "realmag777",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'_CVE-2025-13110