Approved changes feed: RSS · Atom
cpe:2.3:a:realmag777:husky:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Realmag777 (367987aa-9884-5ea5-b6ea-639a360f4171) |
|---|---|
| Product | Husky (9c9723d9-c3cb-58f6-b7be-d86c55d759ca) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-52708 |
vulnerable | 2026-06-03 15:03:52.251652 |
WordPress HUSKY plugin <= 1.3.7 - Local File Inclusion Vulnerability
HIGH (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.7.
Published: 2025-06-20T15:03:34.933Z
Updated: 2026-04-28T16:13:17.224Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-26890 |
vulnerable | 2026-06-03 15:00:08.645707 |
WordPress HUSKY plugin <= 1.3.6.4 - Local File Inclusion vulnerability
HIGH (7.5)
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through <= 1.3.6.4.
Published: 2025-03-27T21:53:49.017Z
Updated: 2026-04-28T16:11:42.162Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-7491 |
vulnerable | 2026-06-03 14:58:06.013065 |
HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe
MEDIUM (5.3)
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to unsubscribe users from a product notification sign-ups, if they can successfully obtain or brute force the key value for users who signed up to receive notifications. This vulnerability requires the plugin's Products Messenger extension to be enabled.
Published: 2024-09-25T02:05:25.979Z
Updated: 2026-04-08T17:27:26.458Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-43121 |
vulnerable | 2026-06-03 14:56:44.521590 |
WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability
CRITICAL (9.1)
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
Published: 2024-08-13T10:50:48.047Z
Updated: 2026-04-28T16:10:08.385Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40334 |
vulnerable | 2026-06-03 14:52:43.414292 |
WordPress HUSKY plugin <= 1.3.4.2 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in RealMag777 HUSKY woocommerce-products-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through <= 1.3.4.2.
Published: 2024-12-13T14:24:07.581Z
Updated: 2026-05-11T22:21:39.249Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.