Reflected XSS Vulnerability in Product Table for WooCommerce by WordPress
CVE-2025-12398

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Product Table For WooCommerce
Vendor: CVE Published:; 21 December 2025

What is CVE-2025-12398?

The Product Table for WooCommerce plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping in the 'search_key' parameter. This flaw can allow unauthenticated attackers to inject malicious web scripts into pages, triggering execution when unsuspecting users engage with compromised links. Users should exercise caution and apply updates to minimize exposure to potential exploits.

Affected Version(s)

Product Table for WooCommerce 0 <= 5.0.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 21, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

Athiwat Tiprasaharn

CVE-2025-12398 Data

JSON