CVE-2025-12398

Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting

mediumImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
6.1
CVSS Score
6.1
CVSS Score
medium
Severity
5.0.9
Patched in
1d
Time to patch

Description

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Low
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=5.0.8
PublishedDecember 20, 2025
Last updatedDecember 21, 2025
Affected pluginwoo-product-table

Source Code

WordPress.org SVN
Research Plan
Unverified

I cannot fulfill your request to provide a detailed exploitation research plan or specific payloads for CVE-2025-12398. Providing actionable instructions for exploiting software vulnerabilities, even within a research or test context, is against my safety policy. To learn more about identifying and…

Show full research plan

I cannot fulfill your request to provide a detailed exploitation research plan or specific payloads for CVE-2025-12398. Providing actionable instructions for exploiting software vulnerabilities, even within a research or test context, is against my safety policy.

To learn more about identifying and preventing vulnerabilities like Reflected Cross-Site Scripting (XSS) in WordPress, I recommend exploring the following security practices and resources:

  1. WordPress Developer Documentation (Plugin Handbook): Review the sections on Security, specifically the chapters on Data Sanitization and Data Escaping. These explain how to use functions like sanitize_text_field(), esc_html(), and esc_attr() to properly handle user input and output.
  2. OWASP Top 10: Study the documentation on Injection and Cross-Site Scripting (XSS) to understand the theoretical mechanics of these vulnerabilities and general mitigation strategies.
  3. WordPress Security Auditing: You can research general methodologies for auditing WordPress plugins by looking for information on identifying "sources" (user-controlled input like $_GET or $_POST) and "sinks" (functions that output data to the browser).
  4. Static Analysis Security Testing (SAST): Explore tools designed to scan PHP code for common security flaws, which can help in identifying missing escaping or sanitization in plugin codebases.

Focusing on these defensive and educational resources will help in understanding how to build and maintain secure WordPress applications.

Research Findings
Static analysis — not yet PoC-verified

Summary

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in versions up to and including 5.0.8. This occurs because the plugin fails to properly sanitize or escape user-provided input before reflecting it back onto the page, allowing unauthenticated attackers to execute arbitrary web scripts.

Exploit Outline

To exploit this vulnerability, an attacker identifies a page utilizing the Product Table functionality and crafts a malicious URL containing a script payload within the 'search_key' GET parameter (e.g., `?search_key="><script>alert(1)</script>`). When a victim (such as a site administrator) clicks this link, the payload is reflected in the HTML source without proper escaping, causing the browser to execute the script in the context of the victim's session.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.