WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Pluginus
  • Husky - Products Filter Professional For Woocommerce
Wordpress
  • Wordpress

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Pluginus
  • Husky - Products Filter Professional For Woocommerce
Wordpress
  • Wordpress
References
Link Providers
https://products-filter.com/ cve-icon cve-icon
https://wordpress.org/plugins/woocommerce-products-filter/ cve-icon cve-icon
https://www.exploit-db.com/exploits/48088 cve-icon cve-icon
https://www.vulncheck.com/advisories/woof-products-filter-for-woocommerce-persistent-xss cve-icon cve-icon
History

Wed, 13 May 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.
Title WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS
First Time appeared Pluginus
Pluginus husky - Products Filter Professional For Woocommerce
Weaknesses CWE-79
CPEs cpe:2.3:a:pluginus:husky_-_products_filter_professional_for_woocommerce:1.2.3:*:*:*:*:*:*:*
Vendors & Products Pluginus
Pluginus husky - Products Filter Professional For Woocommerce
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-13T14:22:29.331Z

Reserved: 2026-02-10T17:51:52.146Z

Link: CVE-2020-37174

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-13T16:16:32.880

Modified: 2026-05-13T17:07:21.030

Link: CVE-2020-37174

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T17:15:26Z