CVE-2018-8710

Name of the Vulnerable Software and Affected Versions WooCommerce Products Filter plugin versions prior to 2.2.0

Description A remote code execution issue was discovered in the plugin, allowing unauthenticated users to evaluate WordPress shortcode markup in the shortcode parameters through a woof redraw woof action. This is possible because the plugin implemented a page redraw AJAX function that is accessible without any authentication.

Recommendations For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the woof redraw woof action to prevent unauthenticated users from evaluating shortcodes.