📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
CVE-2020-37174

Medium
CWE-79 — Weakness Type
Published: May 13, 2026  ·  Modified: May 16, 2026  ·  Source: NVD
CVSS v3
5.5
🔗 NVD Official
📄 Description (English)

WOOF Products Filter for WooCommerce 1.2.3 contains a persistent (stored) cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering XSS payloads in the design-tab text fields. JavaScript entered in fields such as 'Text for block toggle' and 'Custom front css styles' is saved unchanged and executes on frontend pages, affecting every site visitor.

🤖 AI Executive Summary

CVE-2020-37174 is a persistent XSS vulnerability in WOOF Products Filter for WooCommerce 1.2.3 that allows authenticated attackers to inject malicious JavaScript through design-tab fields. Once a malicious script is saved it runs for every site visitor, potentially leading to credential theft, malware distribution, or defacement. Although the attack requires authentication, the lack of input validation on the CSS and text fields creates significant risk where an admin account is compromised or the attacker is an insider.
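The description above says the plugin stores whatever an administrator types into the design-tab fields and emits it on frontend pages unchanged. The Python sketch below is an added illustration, not code from the WOOF plugin or from this page: it shows that pattern next to a context-aware rendering. The toggle text is HTML-escaped because it lands in HTML body context, while the CSS field is validated and dropped if it carries constructs that can break out of the stylesheet, since a browser does not HTML-decode text inside a style element and escaping would corrupt legitimate CSS. The two field names come from the advisory; the settings values, the blocked-construct list and the function names are assumptions.

```python
import html
import re

# Constructed sample of the two plugin settings the advisory names. The values
# are illustrative test input, not data taken from the real plugin.
DESIGN_SETTINGS = {
    "Text for block toggle": "Filter products <script>alert(document.cookie)</script>",
    "Custom front css styles": ".woof_container { color: red } </style><script>alert(1)</script>",
}

# Constructs that have no place in an administrator-supplied stylesheet. A
# stylesheet context is not HTML-decoded by the browser, so escaping is the
# wrong tool; we validate and fail closed instead. (Assumed block-list, not
# the plugin's own logic.)
_CSS_BLOCKED = re.compile(
    r"<|expression\s*\(|javascript\s*:|behavior\s*:|-moz-binding|@import", re.I
)


def render_unsafe(settings):
    """The pattern the advisory describes: saved values are concatenated into
    frontend markup untouched, so anything stored runs on every visitor's page."""
    return (
        f"<style>{settings['Custom front css styles']}</style>\n"
        f"<div class='woof_toggle'>{settings['Text for block toggle']}</div>"
    )


def sanitize_css(css):
    """Return css unchanged if it contains none of the blocked constructs,
    otherwise an empty string (fail closed rather than trying to repair it)."""
    return "" if _CSS_BLOCKED.search(css) else css


def render_safe(settings):
    """Context-aware output: HTML-escape the text field (HTML body context) and
    validate the CSS field (stylesheet context) before emitting either."""
    css = sanitize_css(settings["Custom front css styles"])
    toggle = html.escape(settings["Text for block toggle"], quote=True)
    return f"<style>{css}</style>\n<div class='woof_toggle'>{toggle}</div>"


def contains_active_content(markup):
    """Crude check used to compare the two renderings: does the page carry an
    executable script tag or an inline event handler attribute?"""
    return re.search(r"<script\b|\son\w+\s*=", markup, re.I) is not None


if __name__ == "__main__":
    print("--- unsafe rendering ---")
    print(render_unsafe(DESIGN_SETTINGS))
    print("--- safe rendering ---")
    print(render_safe(DESIGN_SETTINGS))
```

In a WordPress plugin the same split is applied at render time with esc_html() for the text field and a validation step for the CSS; wp_strip_all_tags() on save removes markup but does not replace the keyword check for stylesheet text. A Content Security Policy that disallows inline scripts, as the compensating controls below recommend, limits the impact if a stored payload slips past both.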

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 13:32
🇸🇦 Saudi Arabia Impact Assessment
Saudi e-commerce businesses using WooCommerce with WOOF plugin are at risk, particularly small and medium enterprises (SMEs) in retail and online sales sectors. Banking and financial services using WooCommerce for payment processing face elevated risk of customer credential theft and fraud. Government entities operating e-commerce platforms for citizen services could experience service disruption and data compromise. Telecom and energy sector online portals accepting customer transactions are vulnerable to payment fraud and customer data exfiltration. Healthcare providers using WooCommerce for medical supply sales risk patient data exposure.
🏢 Affected Saudi Sectors
E-commerce & Retail, Banking & Financial Services, Government & Public Services, Telecommunications, Energy & Utilities, Healthcare, Hospitality & Tourism
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Audit all WOOF Products Filter installations across your WooCommerce environment
2. Review admin account access logs for suspicious activity or unauthorized changes to design settings
3. Inspect design tab fields ('Text for block toggle', 'Custom front css styles') for injected JavaScript code
4. If malicious code detected, remove it immediately and reset affected admin passwords

Patching Guidance:
1. Disable WOOF Products Filter plugin immediately if no patch is available
2. Contact plugin vendor for security update or consider alternative filtering solutions
3. If update becomes available, test in staging environment before production deployment

Compensating Controls:
1. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads in POST requests to WooCommerce admin
2. Enable Content Security Policy (CSP) headers to restrict inline script execution
3. Restrict admin panel access to specific IP ranges and require multi-factor authentication
4. Implement input validation and output encoding at application level for all user-supplied content
5. Deploy security monitoring to detect unusual JavaScript execution patterns on frontend

Detection Rules:
1. Monitor for POST requests to wp-admin containing script tags or event handlers in design fields
2. Alert on changes to 'Custom front css styles' field containing 'javascript:' or 'onerror=' patterns
3. Track modifications to plugin settings by non-standard admin accounts
4. Monitor frontend page loads for unexpected inline scripts not in original theme/plugin code
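Detection rules 1 to 3 above can be expressed as checks over settings-change events. The Python below is an added example, not tooling from this page or from the plugin vendor: it assumes a WAF or WordPress audit log has already been normalised into one SettingsChange record per admin POST (a constructed record shape), an owner-maintained allow-list of accounts expected to edit plugin settings, and a placeholder settings-page URL. The three sample events and the indicator patterns are constructed; the field names are the ones the advisory cites.

```python
import re
from dataclasses import dataclass

# The two fields the advisory names as injection points.
DESIGN_FIELDS = ("Text for block toggle", "Custom front css styles")

# Indicators from the advisory's detection rules: script tags, inline event
# handlers, javascript: URLs. Deliberately simple; a production rule would also
# decode URL and HTML encodings before matching.
XSS_INDICATORS = re.compile(r"<\s*script\b|\bon\w+\s*=|javascript\s*:", re.I)

# Accounts expected to touch plugin settings (assumption: an allow-list kept
# by the site owner, e.g. from a change-management record).
EXPECTED_ADMINS = {"shop_admin"}

# Placeholder for the plugin's settings page; the real URL is not on the page.
SETTINGS_URI = "/wp-admin/admin.php?page=PLUGIN_SETTINGS_PAGE_PLACEHOLDER"


@dataclass
class SettingsChange:
    """One admin POST that changed plugin settings (constructed event shape,
    assumed to be produced by a WAF or WordPress audit log; not a real format)."""
    timestamp: str
    user: str
    uri: str
    fields: dict  # field name -> submitted value


def evaluate(event, expected_admins=EXPECTED_ADMINS):
    """Apply the three settings-side rules to one event and return the names
    of the alerts that fired (an empty list means nothing suspicious)."""
    alerts = []
    if not event.uri.startswith("/wp-admin/"):
        return alerts  # rules only concern admin-side changes
    # Rule 1: script tags / event handlers / javascript: in any design field.
    tainted = [f for f in DESIGN_FIELDS if XSS_INDICATORS.search(event.fields.get(f, ""))]
    if tainted:
        alerts.append("xss_indicator_in_design_field:" + ",".join(tainted))
    # Rule 2: the CSS field specifically carrying 'javascript:' or 'onerror='.
    css = event.fields.get("Custom front css styles", "")
    if re.search(r"javascript\s*:|onerror\s*=", css, re.I):
        alerts.append("suspicious_custom_css")
    # Rule 3: settings changed by an account outside the expected set.
    if event.user not in expected_admins:
        alerts.append("settings_change_by_unexpected_account")
    return alerts


def triage(events):
    """Return {timestamp: alerts} for every event that raised at least one alert."""
    findings = {}
    for event in events:
        alerts = evaluate(event)
        if alerts:
            findings[event.timestamp] = alerts
    return findings


# Constructed sample events: a benign edit, an edit by an unexpected account
# that also plants a javascript: URL in the CSS, and a script tag in the text.
SAMPLE_EVENTS = [
    SettingsChange("2026-05-14T09:12:01Z", "shop_admin", SETTINGS_URI,
                   {"Text for block toggle": "Show filters",
                    "Custom front css styles": ".woof_container { margin: 0 }"}),
    SettingsChange("2026-05-14T23:48:17Z", "tmp_support", SETTINGS_URI,
                   {"Text for block toggle": "Show filters",
                    "Custom front css styles": "body { background: url(javascript:alert(1)) }"}),
    SettingsChange("2026-05-15T02:03:44Z", "shop_admin", SETTINGS_URI,
                   {"Text for block toggle": "Filters <script>alert(1)</script>",
                    "Custom front css styles": ".woof_container { margin: 0 }"}),
]

if __name__ == "__main__":
    for ts, alerts in triage(SAMPLE_EVENTS).items():
        print(ts, alerts)
```

Rule 4 (unexpected inline scripts on frontend pages) is better served by a CSP in report-only mode, which makes the browser report every inline script the policy would have blocked, than by scanning rendered HTML after the fact.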
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.14.2.1 - Information security requirements for supplier relationships
ECC 2024 A.14.2.5 - Addressing information security in supplier agreements
ECC 2024 A.5.23 - Access control for information systems
ECC 2024 A.8.3.2 - Segregation of duties
🔵 SAMA CSF
Governance & Risk Management - Third-party risk management
Information & Cybersecurity - Application security and secure development
Information & Cybersecurity - Access control and authentication
Resilience - Incident detection and response
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Access control
ISO 27001:2022 A.5.16 - Access management
ISO 27001:2022 A.8.22 - Information security for supplier relationships
ISO 27001:2022 A.8.24 - Management of information security incidents
🟣 PCI DSS v4.0.1
PCI DSS 3.2.1 - Render PAN unreadable
PCI DSS 6.5.1 - Injection flaws
PCI DSS 6.5.7 - Cross-site scripting (XSS)
PCI DSS 7.1 - Limit access to system components
📊 CVSS Score
5.5
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Attack Vector (AV:N) — Network
Attack Complexity (AC:L) — Low
Privileges Required (PR:H) — High
User Interaction (UI:N) — None
Scope (S:C) — Changed
Confidentiality (C:L) — Low
Integrity (I:L) — Low
Availability (A:N) — None
📋 Quick Facts
Severity: Medium
CVSS Score: 5.5
CWE: CWE-79
EPSS: 0.04%
Exploit: No
Patch: No
Published: 2026-05-13
Source Feed: nvd
🇸🇦 Saudi Risk Score
6.8
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-79