CVE-2020-37174

MEDIUM

WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37174. PoCs published by Shahab.ra.9.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in the WOOF Products Filter for WooCommerce plugin (version 1.2.3). The attacker injects malicious JavaScript into the plugin's design settings, which executes when the page is refreshed or viewed on the frontend.

Description

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.

Exploits (1)

exploitdb · WORKING POC
by Shahab.ra.9 · text · webapps · php
https://www.exploit-db.com/exploits/48088

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WOOF Products Filter for WooCommerce 1.2.3
Auth required
Prerequisites: Access to WordPress admin panel · WOOF plugin installed and activated
devstral-2 · analyzed May 13, 2026

References (4)

Core References
Exploit: ExploitDB-48088
https://www.exploit-db.com/exploits/48088
Product: Official Product Homepage
https://products-filter.com/
Third Party Advisory: VulnCheck Advisory: WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS
https://www.vulncheck.com/advisories/woof-products-filter-for-woocommerce-persistent-xss

Scores

CVSS v3 5.5
EPSS 0.0026
EPSS Percentile 16.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
HUSKY/Products Filter Professional for WooCommerce 1.2.3
Published May 13, 2026
Tracked Since May 13, 2026