Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A local file inclusion issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allowing it to be called by extract(), a PHP built-in function. Because of this, the supplied args/input can be used to overwrite the $pagepath variable, which then could lead to a local file inclusion attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress WooCommerce Products Filter插件安全漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。WooCommerce Products Filter(又名WOOF)plugin是使用其中的一个条件筛选插件。 WordPress WooCommerce Products Filter插件2.2.0之前版本中存在本地文件包括漏洞,该漏洞源于程序缺少输入验证检测。攻击者可借助‘shortcode’参数向admin-ajax.php脚本发送特制的URL请求利用该漏洞
CVSS Information
N/A
Vulnerability Type
N/A