CVE-2025-6387 is a stored Cross-Site Scripting (XSS) vulnerability affecting the WP Get The Table WordPress plugin developed by jonsisk. This vulnerability exists in all versions up to and including version 1.5. The root cause is improper neutralization of input during web page generation, specifically insufficient sanitization and escaping of the 'url' parameter. Authenticated attackers with Contributor-level privileges or higher can exploit this flaw by injecting arbitrary JavaScript code into pages generated by the plugin. When other users visit these injected pages, the malicious scripts execute in their browsers, potentially leading to session hijacking, privilege escalation, or redirection to malicious sites. The vulnerability has a CVSS 3.1 base score of 6.4, indicating a medium severity level. The attack vector is network-based, with low attack complexity and requiring privileges equivalent to a Contributor role. No user interaction is required for the attack to succeed once the malicious script is injected, and the vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability’s scope is 'changed,' meaning it can affect resources beyond the vulnerable component itself, as the injected scripts can impact other users accessing the compromised pages. This vulnerability highlights the importance of proper input validation and output encoding in WordPress plugins, especially those that handle user-generated content or parameters influencing page rendering.

For European organizations using WordPress sites with the WP Get The Table plugin, this vulnerability poses a significant risk to website integrity and user trust. Exploitation could lead to unauthorized script execution in the context of the affected website, enabling attackers to steal session cookies, perform actions on behalf of legitimate users, or deliver malware payloads. This can result in data breaches involving user credentials or personal data, which is particularly sensitive under the GDPR framework. The compromise of website content integrity can also damage brand reputation and lead to regulatory penalties if personal data is exposed. Since contributors and above can exploit this vulnerability, insider threats or compromised contributor accounts increase risk. The vulnerability does not directly affect availability but can indirectly cause service disruptions if exploited to deface sites or inject malicious content that triggers browser blocks or blacklisting by security tools. European organizations with e-commerce, governmental, or public-facing websites are especially vulnerable due to the high value of their data and the potential impact on citizens and customers.

1. Immediate mitigation involves restricting Contributor-level access and above to only trusted users until a patch is available. 2. Implement Web Application Firewall (WAF) rules to detect and block malicious payloads targeting the 'url' parameter in the WP Get The Table plugin. 3. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. 4. Monitor logs for unusual activities related to the plugin’s parameters and user actions. 5. Regularly audit user roles and permissions to minimize the number of users with Contributor or higher privileges. 6. Once available, promptly apply vendor patches or updates that address this vulnerability. 7. Consider temporarily disabling or replacing the WP Get The Table plugin with alternative solutions that have no known vulnerabilities. 8. Educate site administrators and contributors about safe content handling and the risks of XSS attacks. 9. Use security plugins that provide input sanitization and output escaping enhancements for WordPress. These targeted actions go beyond generic advice by focusing on access control, monitoring, and layered defenses specific to the plugin’s attack vector.