Description
The WordPress plugin WooCommerce Products Filter is prone to multiple vulnerabilities, including local file inclusion and arbitrary code execution. Exploiting these issues may allow an attacker to obtain sensitive information that could aid further attacks, execute arbitrary commands with the privileges of the user running the application, compromise the application or the underlying database, access or modify data, or compromise the vulnerable system. Version 1.1.9 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.2.0 or the latest available version.
References
http://wphutte.com/woocommerce-products-filter-v1-1-9-arbitrary-local-file-include/
https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/