CVE-2024-43121 – This vulnerability in the realmag777 HUSKY Word... (How to Fix)

Q: What is the severity of CVE-2024-43121?

CVE-2024-43121 has a CVSS score of 9.1 (CRITICAL). This vulnerability in the realmag777 HUSKY WordPress plugin allows attackers to escalate privileges, potentially gaining administrative access. It affects all WordPress sites using HUSKY versions up to 1.3.6.1.

📋 TL;DR

This vulnerability in the realmag777 HUSKY WordPress plugin allows attackers to escalate privileges, potentially gaining administrative access. It affects all WordPress sites using HUSKY versions up to 1.3.6.1.

💻 Affected Systems

Products:

realmag777 HUSKY WordPress plugin

Versions: n/a through 1.3.6.1

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Affects WordPress installations with the HUSKY plugin installed and activated.

📦 What is this software?

Husky Products Filter Professional For Woocommerce by Pluginus

View all CVEs affecting Husky Products Filter Professional For Woocommerce →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control of the WordPress site, allowing them to modify content, install malicious plugins/themes, steal data, or take the site offline.

🟠

Likely Case

Attackers gain elevated privileges to modify site settings, inject malicious code, or access sensitive data they shouldn't have permission to view.

🟢

If Mitigated

With proper access controls and monitoring, unauthorized privilege changes would be detected and blocked before significant damage occurs.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Privilege escalation vulnerabilities in WordPress plugins are frequently exploited once details become public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3.6.2 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-6-1-privilege-escalation-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find HUSKY plugin. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 1.3.6.2+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Disable HUSKY plugin

all

Temporarily deactivate the vulnerable plugin until patched

wp plugin deactivate woocommerce-products-filter

🧯 If You Can't Patch

Restrict access to WordPress admin interface using IP whitelisting
Implement strong user role management and audit privilege changes regularly

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > HUSKY version number

Check Version:

wp plugin get woocommerce-products-filter --field=version

Verify Fix Applied:

Verify HUSKY plugin version is 1.3.6.2 or higher

📡 Detection & Monitoring

Log Indicators:

Unexpected user role changes in WordPress logs
Multiple failed login attempts followed by successful admin access

Network Indicators:

Unusual admin panel access from unexpected IP addresses

SIEM Query:

source="wordpress" AND (event="user_role_change" OR event="plugin_activation")

📊 Metadata

CVE ID: CVE-2024-43121

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-269

Published: August 13, 2024

Last Updated: March 12, 2025

🔗 References

https://patchstack.com/database/vulnerability/woocommerce-products-filter/wordpress-husky-plugin-1-3-6-1-privilege-escalation-vulnerability?_s_id=cve Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43121, you might also want to check these: