CVE-2025-0864 identifies a reflected cross-site scripting (XSS) vulnerability in the WordPress plugin 'Active Products Tables for WooCommerce. Use constructor to create tables' developed by realmag777. This vulnerability affects all versions up to and including 1.0.6.6. The root cause is improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of the 'shortcodes_set' parameter. Because the plugin fails to properly handle this input, an attacker can craft a malicious URL containing a script payload within this parameter. When a victim user clicks on such a link, the injected script executes in their browser context, potentially stealing session cookies, performing actions on behalf of the user, or redirecting to malicious sites. The vulnerability is exploitable remotely without authentication but requires user interaction (clicking a link). The CVSS 3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, user interaction needed, and impacts on confidentiality and integrity but not availability. No patches or fixes are currently linked, and no known exploits have been reported in the wild. This vulnerability is classified under CWE-79, a common web application security weakness related to cross-site scripting. Given the widespread use of WooCommerce and WordPress, this vulnerability poses a risk to many e-commerce websites using this plugin for product table display.

The primary impact of CVE-2025-0864 is the compromise of user confidentiality and integrity through reflected XSS attacks. Attackers can steal session tokens, impersonate users, or perform unauthorized actions within the context of the victim's browser session. This can lead to account takeover, data leakage, or fraudulent transactions on affected e-commerce sites. Although the vulnerability does not directly affect system availability, successful exploitation can damage organizational reputation and customer trust. Since the attack requires user interaction, social engineering or phishing campaigns may be used to lure victims. The vulnerability affects all sites using the vulnerable plugin versions, which may be numerous given WooCommerce's popularity. Organizations relying on this plugin for product display tables are at risk of targeted attacks, especially those with high-value transactions or sensitive customer data. The lack of known exploits in the wild suggests limited current active exploitation but does not preclude future attacks once exploit code becomes available.

To mitigate CVE-2025-0864, organizations should first check for updates from the plugin vendor and apply any available patches promptly once released. In the absence of an official patch, site administrators should consider temporarily disabling the vulnerable plugin or removing it if feasible. Implementing a Web Application Firewall (WAF) with rules to detect and block suspicious input patterns in the 'shortcodes_set' parameter can help prevent exploitation attempts. Additionally, site owners should enforce Content Security Policy (CSP) headers to restrict script execution sources, reducing the impact of injected scripts. Educating users about phishing risks and encouraging cautious behavior when clicking links can reduce successful exploitation. Developers maintaining the plugin should implement proper input validation, sanitization, and output encoding for all user-controllable parameters. Regular security audits and vulnerability scanning of WordPress plugins are recommended to identify and remediate similar issues proactively.