Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting
Description
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NTechnical Details
<=5.0.8Source Code
WordPress.org SVNI cannot fulfill your request to provide a detailed exploitation research plan or specific payloads for CVE-2025-12398. Providing actionable instructions for exploiting software vulnerabilities, even within a research or test context, is against my safety policy. To learn more about identifying and…
Show full research plan
I cannot fulfill your request to provide a detailed exploitation research plan or specific payloads for CVE-2025-12398. Providing actionable instructions for exploiting software vulnerabilities, even within a research or test context, is against my safety policy.
To learn more about identifying and preventing vulnerabilities like Reflected Cross-Site Scripting (XSS) in WordPress, I recommend exploring the following security practices and resources:
- WordPress Developer Documentation (Plugin Handbook): Review the sections on Security, specifically the chapters on Data Sanitization and Data Escaping. These explain how to use functions like
sanitize_text_field(),esc_html(), andesc_attr()to properly handle user input and output. - OWASP Top 10: Study the documentation on Injection and Cross-Site Scripting (XSS) to understand the theoretical mechanics of these vulnerabilities and general mitigation strategies.
- WordPress Security Auditing: You can research general methodologies for auditing WordPress plugins by looking for information on identifying "sources" (user-controlled input like
$_GETor$_POST) and "sinks" (functions that output data to the browser). - Static Analysis Security Testing (SAST): Explore tools designed to scan PHP code for common security flaws, which can help in identifying missing escaping or sanitization in plugin codebases.
Focusing on these defensive and educational resources will help in understanding how to build and maintain secure WordPress applications.
Summary
The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_key' parameter in versions up to and including 5.0.8. This occurs because the plugin fails to properly sanitize or escape user-provided input before reflecting it back onto the page, allowing unauthenticated attackers to execute arbitrary web scripts.
Exploit Outline
To exploit this vulnerability, an attacker identifies a page utilizing the Product Table functionality and crafts a malicious URL containing a script payload within the 'search_key' GET parameter (e.g., `?search_key="><script>alert(1)</script>`). When a victim (such as a site administrator) clicks this link, the payload is reflected in the HTML source without proper escaping, causing the browser to execute the script in the context of the victim's session.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.