CVE-2020-37174 - Vulnerability Details

- WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS

Description

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.

Published: 2026-05-13

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

HUSKY

Products Filter Professional for WooCommerce

affected

Version	Status	Constraints
`1.2.3`	affected	—

No data.

Vendor Product Confidence Versions

Pluginus

Husky - Products Filter Professional For Woocommerce

95%

Version	Status	Scheme	Platform
`1.2.3`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://products-filter.com/
https://wordpress.org/plugins/woocommerce-products-filter/
https://www.exploit-db.com/exploits/48088
https://www.vulncheck.com/advisories/woof-products-filter-for-woocommerce-persistent-xss

History

Fri, 15 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 13 May 2026 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wordpress Wordpress wordpress
Vendors & Products		Wordpress Wordpress wordpress

Wed, 13 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.
Title		WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS
First Time appeared		Pluginus Pluginus husky - Products Filter Professional For Woocommerce
Weaknesses		CWE-79
CPEs		cpe:2.3:a:pluginus:husky_-_products_filter_professional_for_woocommerce:1.2.3:::::::*
Vendors & Products		Pluginus Pluginus husky - Products Filter Professional For Woocommerce
References		https://products-filter.com/ https://wordpress.org/plugins/woocommerce-products-filter/ https://www.exploit-db.com/exploits/48088 https://www.vulncheck.com/advisories/woof-products-filter-for-woocommerce-persistent-xss
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}`

Subscriptions

Pluginus Husky - Products Filter Professional For Woocommerce

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2026-05-13T14:22:29.331Z

Updated: 2026-05-15T13:43:54.111Z

Reserved: 2026-02-10T17:51:52.146Z

Link: CVE-2020-37174

Vulnrichment

Updated: 2026-05-15T13:43:37.879Z

NVD

Status : Deferred

Published: 2026-05-13T16:16:32.880

Modified: 2026-05-13T17:07:21.030

Link: CVE-2020-37174

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:15:26Z

Weaknesses

CWE-79

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object