CVE-2025-11735: 
WordPress vulnerability analysis and mitigation

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress contains a blind SQL Injection vulnerability (CVE-2025-11735) discovered on October 27, 2025. The vulnerability affects all versions up to and including 1.3.7.1. This security flaw exists in the phrase parameter due to insufficient escaping of user-supplied input and inadequate SQL query preparation (NVD Database).

The vulnerability is classified as a SQL Injection (CWE-89) with a CVSS v3.1 base score of 7.5 (HIGH). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can result in high confidentiality impact (C:H) with no impact on integrity (I:N) or availability (A:N) (NVD Database).

The vulnerability allows unauthenticated attackers to append additional SQL queries to existing queries, potentially enabling the extraction of sensitive information from the WordPress database. This could lead to unauthorized access to confidential data stored within the database (NVD Database).

Website administrators running the HUSKY – Products Filter Professional for WooCommerce plugin should immediately update to a version newer than 1.3.7.1 once available. Until a patch is released, it is recommended to implement additional security measures such as Web Application Firewalls (WAF) to help protect against SQL injection attacks (NVD Database).