WordPress HUSKY Plugin Security Update Advisory (CVE-2024-6457)

Overview

WordPress has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version.

 

Affected Products

HUSKY – Products Filter Professional for WooCommerce: versions up to and including 1.3.6

 

Resolved Vulnerabilities

A time-based SQL injection vulnerability via the ‘woof_author’ parameter, which could allow an unauthenticated attacker to append additional SQL queries to an existing query and extract sensitive information from the database (CVE-2024-6457)
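To review web server access logs for requests that touched the affected parameter, the following added example (not part of the original advisory or the plugin's code) flags any ‘woof_author’ value that is not a plain list of numeric IDs. The combined log format, the assumption that legitimate values are comma-separated numeric author IDs, and all sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate woof_author values are comma-separated numeric author IDs.
BENIGN = re.compile(r"^\d+(,\d+)*$")
# Time-delay function names on MySQL/MariaDB, the database WordPress runs on.
DELAY = re.compile(r"\b(sleep|benchmark)\s*\(", re.I)
# Client address and request target from a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_woof_author(log_lines):
    """Return (client_ip, decoded_value, has_delay_keyword) per flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        ip, target = m.groups()
        # parse_qsl percent-decodes each value before we inspect it.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == "woof_author" and value and not BENIGN.match(value):
                hits.append((ip, value, bool(DELAY.search(value))))
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical /shop/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2024:10:00:01 +0000] "GET /shop/?woof_author=3,12 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Aug/2024:10:00:05 +0000] "GET /shop/?woof_author=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Aug/2024:10:00:12 +0000] "GET /shop/?woof_author=1%27 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:20 +0000] "GET /shop/?orderby=price HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for ip, value, delay in suspicious_woof_author(SAMPLE_LOG):
        print(f"{ip}\twoof_author={value!r}\tdelay_keyword={delay}")
```

Access logs record only query-string parameters, so values sent in a request body are not covered by this check. A hit shows that the parameter was probed, not that data was extracted.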

 

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

HUSKY – Products Filter Professional for WooCommerce version: 1.3.6.1

 

Referenced Sites

[1] CVE-2024-6457 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6457

[2] Wordfence INTELLIGENCE

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-products-filter/husky-products-filter-professional-for-woocommerce-136-unauthenticated-time-based-sql-injection