CVE-2025-48266 describes a stored cross-site scripting vulnerability in the RealMag777 Active Products Tables for WooCommerce plugin (versions up to 1.0.6.8). The issue is caused by improper neutralization of input during web page generation, which allows attackers to inject and store malicious scripts that execute when the affected pages are viewed. The vulnerability has a CVSS 3.1 score of 6.5 (medium severity), with network attack vector, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality, integrity, and availability. No patch or official fix information is provided, and no known exploitation in the wild is reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to limited disclosure of information, modification of data, or disruption of service. The impact is rated medium based on the CVSS score and vector, reflecting that some user privileges and interaction are required and the scope is changed.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting user input that is rendered by the plugin and applying web application firewall (WAF) rules to detect and block XSS payloads related to this plugin. Monitor vendor channels for updates or patches addressing this vulnerability.