CVE-2025-1514

HIGH Year: 2025
CVSS v3 Score
7.3
High
Weakness Type
CWE-20
View all →

Vulnerability Description

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter.

Related Vulnerabilities

CVE-2009-5147

HIGH
CVSS:7.3(High)

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

CWE-202009

CVE-2013-0165

HIGH
CVSS:7.3(High)

cartridges/openshift-origin-cartridge-mongodb-2.2/info/bin/dump.sh in OpenShift does not properly create files in /tmp.

CWE-202013

CVE-2013-4245

HIGH
CVSS:7.3(High)

Orca has arbitrary code execution due to insecure Python module load

CWE-202013

CVE-2015-6863

HIGH
CVSS:7.3(High)

HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.

CWE-202015

CVE-2015-6934

HIGH
CVSS:7.3(High)

Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow ...

CWE-202015

CVE-2015-8607

HIGH
CVSS:7.3(High)

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypa...

CWE-202015