Local File Inclusion Vulnerability in HUSKY Products Filter for WooCommerce by WordPress
Posted: Sun Oct 05, 2025 5:03 am
CVE-2025-1661 is a critical vulnerability found in the HUSKY – Products Filter Professional plugin for WooCommerce, widely used within WordPress sites. This vulnerability allows unauthorized attackers to perform Local File Inclusion (LFI) through manipulation of the 'template' parameter in the woof_text_search AJAX action. By exploiting this flaw, attackers can include and execute arbitrary files on the server, leading to significant security risks for organizations utilizing this plugin. Unmitigated, this vulnerability could lead to unauthorized access to sensitive data, disruption of services, and the execution of malicious code.
https://securityvulnerability.io/vulner ... -2025-1661
https://securityvulnerability.io/vulner ... -2025-1661