CVE-2024-7491

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Sep 25, 2024
Updated: Sep 26, 2024
CWE ID: 862

Summary

CVE-2024-7491 is a vulnerability in the HUSKY – Products Filter Professional for WooCommerce plugin for WordPress, affecting all versions up to and including 1.3.6.1. The flaw is an Insecure Direct Object Reference: the 'key' parameter is not properly validated, which allows authenticated attackers with subscriber-level access to unsubscribe users from product notification sign-ups. The vulnerability can be exploited only when the plugin's Products Messenger extension is enabled. To remediate this issue, users should upgrade to a patched version of the plugin as soon as it becomes available. The potential impact is unauthorized manipulation of user subscriptions, which could lead to user dissatisfaction or loss of trust in an organization's notification system.
