Plugin icon

HUSKY – Products Filter Professional for WooCommerce

woocommerce-products-filter

Vulnerabilities:

22

Last Updated:

March 19, 2026

Active Installs:

90000

Published
Title
Fixed in
CVSS
Published
2025-12-17
Title
HUSKY – Products Filter Professional for WooCommerce < 1.3.7.4 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'
Fixed in
Fixed in 1.3.7.4
CVSS
4.3 (medium)
Published
2025-12-03
Title
HUSKY – Products Filter Professional for WooCommerce < 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query'
Fixed in
Fixed in 1.3.7.3
CVSS
4.3 (medium)
Published
2025-10-27
Title
HUSKY < 1.3.7.2 - Unauthenticated SQL Injection via `phrase` Parameter
Fixed in
Fixed in 1.3.7.2
CVSS
7.5 (high)
Published
2025-06-19
Title
HUSKY < 1.3.7.1 - Contributor+ Local File Inclusion
Fixed in
Fixed in 1.3.7.1
CVSS
7.2 (high)
Published
2025-03-14
Title
HUSKY < 1.3.6.5 - Subscriber+ Local File Inclusion
Fixed in
Fixed in 1.3.6.5
CVSS
7.5 (high)
Published
2025-03-10
Title
HUSKY < 1.3.6.6 - Unauthenticated Local File Inclusion
Fixed in
Fixed in 1.3.6.6
CVSS
9.8 (critical)
Published
2024-11-19
Title
HUSKY – Products Filter for WooCommerce < 1.3.6.4 - Reflected Cross-Site Scripting via really_curr_tax Parameter
Fixed in
Fixed in 1.3.6.4
CVSS
6.1 (medium)
Published
2024-09-24
Title
HUSKY – Products Filter Professional for WooCommerce < 1.3.6.2 - Insecure Direct Object Reference to Unsubscribe
Fixed in
Fixed in 1.3.6.2
CVSS
5.3 (medium)
Published
2024-08-07
Title
HUSKY < 1.3.6.2 - Authenticated (Shop Manager+) Arbitrary Options Update
Fixed in
Fixed in 1.3.6.2
CVSS
7.2 (high)
Published
2024-07-15
Title
HUSKY - Products Filter Professional for WooCommerce < 1.3.6.1 - Unauthenticated Time-Based SQL Injection
Fixed in
Fixed in 1.3.6.1
CVSS
9.8 (critical)
Published
2024-05-28
Title
HUSKY – Products Filter Professional for WooCommerce < 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 1.3.6
CVSS
6.4 (medium)
Published
2024-04-17
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.3 - Subscriber+ Remote Code Execution
Fixed in
Fixed in 1.3.5.3
CVSS
9.9 (critical)
Published
2024-03-28
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.5.2 - Cross-Site Request Forgery
Fixed in
Fixed in 1.3.5.2
CVSS
4.3 (medium)
Published
2024-03-28
Title
HUSKY < 1.3.5.3 - Admin+ Local File Inclusion
Fixed in
Fixed in 1.3.5.3
CVSS
6.6 (medium)
Published
2024-03-14
Title
HUSKY – Products Filter for WooCommerce Professional < 1.3.5.3 - Contributor+ SQL Injection
Fixed in
Fixed in 1.3.5.3
CVSS
8.8 (high)
Published
2024-03-14
Title
HUSKY – Products Filter for WooCommerce Professional < 1.3.5.2 - Contributor+ Stored Cross-Site Scripting via Shortcode
Fixed in
Fixed in 1.3.5.2
CVSS
6.4 (medium)
Published
2023-12-22
Title
HUSKY < 1.3.4.4 - Multiple Connections/Stats CSRF
Fixed in
Fixed in 1.3.4.4
CVSS
4.3 (medium)
Published
2023-11-27
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Unauthenticated SQL Injection via search terms
Fixed in
Fixed in 1.3.4.3
CVSS
9.8 (critical)
Published
2023-11-23
Title
HUSKY – Products Filter for WooCommerce (formerly WOOF) < 1.3.4.3 - Missing Authorization via woof_meta_get_keys()
Fixed in
Fixed in 1.3.4.3
CVSS
4.3 (medium)
Published
2023-01-11
Title
WOOF - Products Filter for WooCommerce < 1.3.2 - Admin+ PHP Object Injection
Fixed in
Fixed in 1.3.2
CVSS
3.3 (low)
Published
2021-12-28
Title
WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting
Fixed in
Fixed in 1.2.6.3
CVSS
7.5 (high)
Published
2018-03-14
Title
WooCommerce Products Filter < 1.2.0 - Multiple Issues
Fixed in
Fixed in 1.2.0
CVSS
9.8 (critical)