Cross-Site Scripting in QuanticaLabs CSS3 Compare Pricing Tables Plugin for WordPress
CVE-2025-47554

7.1HIGH

Key Information:

Vendor

WordPress
Status
Css3 Compare Pricing Tables For WordPress
Vendor
CVE Published:
16 July 2025

What is CVE-2025-47554?

A Cross-Site Scripting vulnerability exists in the QuanticaLabs CSS3 Compare Pricing Tables plugin for WordPress, allowing attackers to inject malicious scripts into web pages viewed by other users. This issue arises from improper handling of input during page generation, leading to reflected XSS conditions. This vulnerability affects all versions up to 11.6 of the plugin, potentially compromising the security of affected websites and exposing users to various security threats.

Affected Version(s)

CSS3 Compare Pricing Tables for WordPress <= 11.6

References

https://patchstack.com/database/wordpress/plugin/css3_web...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)
.
CVE-2025-47554 : Cross-Site Scripting in QuanticaLabs CSS3 Compare Pricing Tables Plugin for WordPress