CVE-2025-13109
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-04
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| husky | products_filter_professional_for_woocommerce | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Insecure Direct Object Reference (IDOR) in the HUSKY β Products Filter Professional for WooCommerce WordPress plugin, affecting all versions up to 1.3.7.2. It occurs in the functions 'woof_add_query' and 'woof_remove_query' due to missing validation on a user-controlled key. This flaw allows authenticated users with subscriber-level access or higher to insert or remove saved search queries in any user's profile, including administrators, without proper authorization checks. [2]
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker with subscriber-level access or higher to manipulate saved search queries in other users' profiles, including administrators. This unauthorized modification could lead to confusion, disruption of normal operations, or potential misuse of saved filters. Although it does not directly impact confidentiality or availability, it compromises the integrity of user data and settings within the plugin. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on monitoring AJAX requests to the vulnerable plugin's endpoints, specifically calls to the `woof_add_query` and `woof_remove_query` functions. Look for POST requests containing parameters like `user_id`, `link`, or `key` that attempt to add or remove saved queries. Since the vulnerability involves authenticated users with subscriber or higher roles manipulating saved queries, reviewing logs for unusual or unauthorized changes to user meta related to saved queries is recommended. Specific commands depend on your environment, but for example, on a Linux server with access logs, you could use: `grep 'wp-admin/admin-ajax.php' /path/to/access.log | grep -E 'woof_add_query|woof_remove_query'` to find relevant AJAX calls. Additionally, inspecting WordPress database user meta entries for unexpected modifications to saved queries may help detect exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the HUSKY β Products Filter Professional for WooCommerce plugin to a version that includes the security fix (post version 1.3.7.2). The fix enforces nonce verification, input validation, permission checks restricting users to modify only their own saved queries unless they have administrative capabilities, and sanitizes all inputs. If an update is not immediately possible, restrict access to the plugin's AJAX handlers by limiting authenticated user roles that can access these functions or temporarily disabling the plugin. Monitoring and auditing user actions related to saved queries can also help mitigate risk until the patch is applied. [2]