CVE-2020-37174

MEDIUM 5.5

WOOF Products Filter for WooCommerce 1.2.3 Persistent XSS

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in design tab textfields. Attackers can inject JavaScript code through fields like 'Text for block toggle' and 'Custom front css styles' that executes on frontend pages when saved, affecting all site visitors.

CWE	CWE-79
Vendor	husky
Product	products filter professional for woocommerce
Published	May 13, 2026

Stay Ahead of the Next One

Get instant alerts for husky products filter professional for woocommerce

Be the first to know when new medium vulnerabilities affecting husky products filter professional for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

HUSKY / Products Filter Professional for WooCommerce

1.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/48088 products-filter.com: https://products-filter.com/ wordpress.org: https://wordpress.org/plugins/woocommerce-products-filter/ vulncheck.com: https://www.vulncheck.com/advisories/woof-products-filter-for-woocommerce-persistent-xss

Credits

Shahab.ra.9