CVE-2025-12823 identifies a stored Cross-Site Scripting (XSS) vulnerability in the CSV to SortTable plugin for WordPress, which is widely used to convert CSV data into sortable HTML tables. The vulnerability arises from improper neutralization of user input during web page generation, specifically via the 'csv' shortcode attribute. All versions up to and including 4.2 are affected. The root cause is insufficient input sanitization and output escaping, allowing authenticated users with Contributor-level access or higher to inject arbitrary JavaScript code into pages. When other users access these pages, the malicious scripts execute in their browsers, potentially enabling session hijacking, privilege escalation, or unauthorized actions within the context of the affected site. The vulnerability has a CVSS 3.1 base score of 6.4, reflecting a medium severity with network attack vector, low attack complexity, and requiring privileges but no user interaction. The scope is changed (S:C) because the vulnerability can affect other users beyond the attacker. No public exploits are currently known, but the risk remains significant due to the commonality of Contributor roles in WordPress environments. The plugin's widespread use in European organizations' websites, especially those relying on WordPress for content management, increases the threat surface. The vulnerability underscores the importance of secure coding practices around input validation and output encoding in web plugins.

For European organizations, this vulnerability can lead to unauthorized script execution within their WordPress sites, compromising the confidentiality and integrity of user sessions and data. Attackers with Contributor-level access can leverage this flaw to inject persistent malicious scripts, potentially stealing cookies, performing actions on behalf of other users, or defacing websites. This can damage organizational reputation, lead to data breaches, and disrupt business operations. Given the extensive use of WordPress in Europe, especially among SMEs and public sector entities, the impact could be widespread. The vulnerability does not directly affect availability but can indirectly cause service disruptions if exploited for defacement or administrative abuse. The requirement for authenticated access limits the attack surface but does not eliminate risk, as Contributor roles are commonly assigned for content creation. The cross-site scripting nature also raises concerns about compliance with GDPR, as personal data could be exposed through session hijacking or unauthorized access.

European organizations should immediately audit their WordPress installations for the presence of the CSV to SortTable plugin and verify the version in use. Until an official patch is released, restrict Contributor-level user privileges by limiting who can create or edit posts using the 'csv' shortcode. Implement strict role-based access controls to minimize the number of users with Contributor or higher roles. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious shortcode usage or script injection attempts. Regularly monitor website content for unauthorized script insertions or anomalies in pages using the plugin. Educate content creators about the risks of injecting untrusted data into shortcodes. Once a patch becomes available, prioritize its deployment in all affected environments. Additionally, consider disabling or replacing the plugin with alternatives that follow secure coding practices. Conduct periodic security assessments and vulnerability scans focusing on WordPress plugins to detect similar issues proactively.