This vulnerability arises from insufficient validation of filenames used in PHP include or require statements within the RealMag777 HUSKY plugin for WooCommerce. The improper control allows an attacker to perform Local File Inclusion, potentially executing arbitrary code or accessing sensitive files on the server. The affected versions include all versions up to 1.3.7. The CVSS v3.1 base score is 7.5, indicating high severity with network attack vector, high complexity, low privileges required, no user interaction, and impacts to confidentiality, integrity, and availability.

Successful exploitation can lead to local file inclusion, enabling an attacker to read sensitive files, execute arbitrary code, and fully compromise the affected system's confidentiality, integrity, and availability. The vulnerability requires network access and low privileges but has high attack complexity.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider disabling or removing the affected plugin version and restrict access to vulnerable endpoints. Monitor vendor channels for updates and apply patches promptly once available.