CVE-2025-5143 identifies a stored cross-site scripting (XSS) vulnerability in the TableOn – WordPress Posts Table Filterable plugin developed by realmag777. This vulnerability affects all versions up to and including 1.0.4.1. The root cause is insufficient sanitization and escaping of user-supplied input within the tableon_popup_iframe_button shortcode. Specifically, authenticated users with contributor-level permissions or higher can inject arbitrary JavaScript code into pages by manipulating shortcode attributes. When other users access these pages, the injected scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or other malicious actions. The vulnerability does not require user interaction beyond visiting the compromised page and can be exploited remotely over the network. The CVSS v3.1 base score is 6.4, reflecting a medium severity with network attack vector, low attack complexity, and privileges required. The scope is changed because the vulnerability affects other users beyond the attacker. No patches or exploit code are currently publicly available, but the risk remains significant due to the widespread use of WordPress and the plugin. The vulnerability is categorized under CWE-79, which covers improper neutralization of input during web page generation, a common vector for XSS attacks. Detection and mitigation require careful review of user input handling in the plugin and restricting contributor permissions where possible.

The impact of CVE-2025-5143 is primarily on the confidentiality and integrity of affected WordPress sites. Exploitation allows attackers to execute arbitrary JavaScript in the context of the victim's browser, enabling theft of session cookies, defacement, redirection to malicious sites, or execution of further attacks such as phishing or malware delivery. Since the vulnerability is stored XSS, the malicious payload persists and affects all users who visit the compromised page, potentially amplifying the damage. Organizations relying on the TableOn plugin for content presentation risk reputational damage, data leakage, and unauthorized access if exploited. The requirement for contributor-level access means insider threats or compromised contributor accounts can be leveraged. The vulnerability does not affect availability directly but can indirectly disrupt operations through exploitation consequences. Given WordPress's global popularity, the threat surface is broad, affecting websites ranging from small blogs to large enterprises using this plugin. Without timely mitigation, attackers could leverage this vulnerability to establish persistent footholds or conduct targeted attacks against site users.

1. Monitor for and apply official patches or updates from the plugin vendor as soon as they become available. 2. Until patches are released, restrict contributor-level access to trusted users only, minimizing the risk of malicious input injection. 3. Implement additional input validation and output encoding at the application or web server level to sanitize shortcode attributes and user inputs. 4. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious script injection patterns related to the tableon_popup_iframe_button shortcode. 5. Conduct regular security audits and code reviews of plugins, especially those handling user-generated content. 6. Educate content contributors about safe content practices and the risks of injecting untrusted code. 7. Monitor website logs and user activity for signs of exploitation or anomalous behavior. 8. Consider disabling or replacing the vulnerable plugin with alternatives that follow secure coding practices if immediate patching is not feasible. 9. Use Content Security Policy (CSP) headers to limit the impact of potential XSS by restricting script sources. 10. Backup website data regularly to enable recovery in case of compromise.