PT-2025-12864 · WordPress · Active Products Tables For Woocommerce

Arkadiusz Hydzik · Published 2025-03-26 · Updated 2025-03-26 · CVE-2025-1514

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Active Products Tables for WooCommerce plugin versions 1.0.6.7 and earlier

Description

The issue arises from insufficient restrictions on the get_smth() function, allowing unauthenticated attackers to invoke arbitrary WordPress filters with a single parameter. This enables attackers to make unauthorized filter calls.

Recommendations

For versions 1.0.6.7 and earlier, as a temporary workaround, consider disabling the get_smth() function until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Update to a version later than 1.0.6.7 when available.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2025-1514

Affected Products

Active Products Tables For Woocommerce