What is the severity of CVE-2025-0864?

CVE-2025-0864 is classified as a moderate severity vulnerability due to its ability to enable reflected cross-site scripting attacks.

How do I fix CVE-2025-0864?

To fix CVE-2025-0864, update the Active Products Tables for WooCommerce plugin to version 1.0.6.7 or later, which includes the necessary input sanitization and output escaping improvements.

What versions of Active Products Tables for WooCommerce are affected by CVE-2025-0864?

CVE-2025-0864 affects all versions of Active Products Tables for WooCommerce up to and including version 1.0.6.6.

What kind of attacks does CVE-2025-0864 allow?

CVE-2025-0864 allows attackers to execute reflected cross-site scripting attacks through insufficient input sanitization of the 'shortcodes_set' parameter.

Is there a known exploit for CVE-2025-0864?

As of now, CVE-2025-0864 does not publicly have a known exploit, but the vulnerability significantly increases the risk of XSS attacks on affected sites.

Vulnerability/
CVE-2025-0864

medium

6.1

CWE

18/2/2025

21/2/2025

CVE-2025-0864: Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting

First published: Tue Feb 18 2025(Updated: )

The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodes_set' parameter in all versions up to, and including, 1.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Credit: security@wordfence.com

Affected Software	Affected Version	How to fix
WooCommerce Active Products Tables for WooCommerce	<=1.0.6.6
WooCommerce Active Products Tables for WooCommerce	<1.0.6.7

Remedy

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3235888%40profit-products-tables-for-woocommerce&new=3235888%40profit-products-tables-for-woocommerce&sfp_email=&sfph_mail=

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-0864?
CVE-2025-0864 is classified as a moderate severity vulnerability due to its ability to enable reflected cross-site scripting attacks.
How do I fix CVE-2025-0864?
To fix CVE-2025-0864, update the Active Products Tables for WooCommerce plugin to version 1.0.6.7 or later, which includes the necessary input sanitization and output escaping improvements.
What versions of Active Products Tables for WooCommerce are affected by CVE-2025-0864?
CVE-2025-0864 affects all versions of Active Products Tables for WooCommerce up to and including version 1.0.6.6.
What kind of attacks does CVE-2025-0864 allow?
CVE-2025-0864 allows attackers to execute reflected cross-site scripting attacks through insufficient input sanitization of the 'shortcodes_set' parameter.
Is there a known exploit for CVE-2025-0864?
As of now, CVE-2025-0864 does not publicly have a known exploit, but the vulnerability significantly increases the risk of XSS attacks on affected sites.

agent/weakness
agent/references
agent/title
agent/first-publish-date
agent/description
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/author
agent/source
agent/severity
collector/nvd-api
source/NVD
agent/event
agent/last-modified-date
agent/remedy
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/woocommerce
canonical/woocommerce active products tables for woocommerce
vendor/pluginus