The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Husky_-_products_filter_professional_for_woocommerce | Pluginus | * | 1.3.2 (excluding) |