{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1514", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-20T19:48:58.712Z", "datePublished": "2025-03-26T08:21:51.303Z", "dateUpdated": "2026-04-08T16:59:49.511Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:49.511Z"}, "affected": [{"vendor": "realmag777", "product": "Active Products Tables for WooCommerce. Use constructor to create tables", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.6.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter."}], "title": "Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "timeline": [{"time": "2025-03-25T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T14:04:08.474275Z", "id": "CVE-2025-1514", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:12:17.566Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T14:04:08.474275Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T14:12:13.405Z"}}], "cna": {"title": "Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call", "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}}], "affected": [{"vendor": "realmag777", "product": "Active Products Tables for WooCommerce. Use constructor to create tables", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.6.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-25T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:49.511Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1514", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:49.511Z", "dateReserved": "2025-02-20T19:48:58.712Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-26T08:21:51.303Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including, 1.0.6.7. This makes it possible for unauthenticated attackers to call arbitrary WordPress filters with a single parameter."}, {"lang": "es", "value": "El complemento Active Products Tables for WooCommerce. Use constructor to create tables para WordPress es vulnerable a llamadas de filtros no autorizadas debido a restricciones insuficientes en la funci\u00f3n get_smth() en todas las versiones hasta la 1.0.6.7 incluida. Esto permite que atacantes no autenticados invoquen filtros arbitrarios de WordPress con un solo par\u00e1metro."}], "id": "CVE-2025-1514", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-26T09:15:15.950", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/profit-products-tables-for-woocommerce/trunk/index.php#L1753"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3257043%40profit-products-tables-for-woocommerce&new=3257043%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6edf91de-9553-4aa1-a29f-89771c8e852e?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T01:47:36.043110+00:00", "value": {"mitigation_remediation": ["Upgrade the Active Products Tables for WooCommerce plugin to any release newer than 1.0.6.7, which removes the unauthenticated filter invocation flaw.", "If an immediate upgrade is not feasible, disable or remove the vulnerable get_smth() function from the plugin\u2019s code to block unauthenticated filter calls until a patch is applied.", "As a temporary measure, consider disabling the plugin entirely on production servers until a corrective update is deployed."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the realmag777 Active Products Tables for WooCommerce \u2013 Use constructor to create tables plugin for WordPress, specifically all releases through 1.0.6.7. Users who have not upgraded beyond this version are at risk.", "description_and_impact": "The Active Products Tables for WooCommerce plugin contains an insufficiently restricted function that allows callers to trigger any WordPress filter with a single parameter. This lack of authentication opens the door for unauthenticated attackers to invoke arbitrary filters, potentially executing arbitrary PHP code or modifying site behavior. The weakness is a classic case of improper input validation, identified as CWE-20. The impact of a successful exploitation episode could be full control over the affected WordPress site, jeopardizing confidentiality, integrity and availability.", "risk_and_exploitability": "The CVSS score of 7.3 indicates a high severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog, suggesting no documented exploits exist yet, but the nature of the flaw allows attackers to conduct arbitrary filter calls remotely, which could be leveraged to execute remote code if malicious filters are present or injected."}}}}, "created": "2026-04-22T02:00:05.034845+00:00", "updated": "2026-04-22T02:00:05.034873+00:00", "vendors": []}