CVE-2025-12324 is a stored Cross-Site Scripting (XSS) vulnerability identified in the TablePress – Tables in WordPress made easy plugin, which is widely used to create and manage tables within WordPress sites. The vulnerability arises from improper neutralization of user-supplied input in the plugin's `table` shortcode attributes, where insufficient input sanitization and lack of output escaping allow malicious scripts to be stored and later executed in the context of any user viewing the affected page. The flaw affects all versions up to and including 3.2.3. An attacker with contributor-level access or higher can exploit this by injecting arbitrary JavaScript code into the shortcode attributes, which is then stored in the WordPress database and rendered on pages. This stored XSS can lead to session hijacking, privilege escalation, defacement, or distribution of malware. The vulnerability has a CVSS v3.1 base score of 6.4, reflecting medium severity, with an attack vector of network, low attack complexity, requiring privileges (contributor or above), no user interaction, and a scope change due to affecting other users. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to WordPress sites that allow contributor-level users to add or edit tables using TablePress. The plugin’s popularity and WordPress’s widespread use make this a relevant threat. The vulnerability was publicly disclosed on November 4, 2025, with no official patch released at the time of this report.

For European organizations, this vulnerability can compromise the confidentiality and integrity of web applications running WordPress with the TablePress plugin. Attackers with contributor-level access can inject malicious scripts that execute in the browsers of site visitors, potentially stealing session cookies, defacing content, or redirecting users to malicious sites. This can lead to reputational damage, loss of customer trust, and regulatory compliance issues under GDPR if personal data is exposed or manipulated. The scope of impact is significant for organizations that allow multiple contributors or editors to manage content, such as media companies, educational institutions, and e-commerce platforms. The vulnerability does not directly affect availability but can indirectly cause service disruption through defacement or malicious redirects. Since exploitation requires authenticated access, the risk is mitigated somewhat by strong access controls, but insider threats or compromised contributor accounts increase exposure. The medium CVSS score reflects moderate risk, but the potential for chained attacks or lateral movement within the site infrastructure could elevate the impact.

1. Monitor the official TablePress plugin repository and WordPress security advisories for an official patch and apply it immediately upon release. 2. Until a patch is available, restrict contributor-level access to trusted users only and review user permissions to minimize the number of users who can edit tables. 3. Implement Web Application Firewall (WAF) rules to detect and block suspicious shortcode attribute inputs containing script tags or JavaScript code patterns. 4. Use security plugins that provide additional input sanitization and output escaping for shortcode attributes as a temporary workaround. 5. Conduct regular security audits of user-generated content, especially tables created via TablePress, to detect and remove injected scripts. 6. Educate content contributors about the risks of injecting untrusted code and enforce strict content submission guidelines. 7. Harden WordPress installations by disabling unnecessary plugins and enforcing strong authentication mechanisms such as MFA for contributor accounts. 8. Employ Content Security Policy (CSP) headers to restrict the execution of inline scripts and reduce the impact of XSS attacks. 9. Regularly back up website data to enable quick restoration in case of compromise.