First published: Tue Apr 01 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nick McReynolds Product Table by WBW allows Reflected XSS. This issue affects Product Table by WBW: from n/a through 2.1.4.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
Woobewoo Product Table for Wordpress | <=2.1.4 | |
Woobewoo Product Table for WordPress | <=2.1.4 |
Update the WordPress Product Table by WBW plugin to the latest available version (at least 2.1.5).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2025-31086 is classified as a medium-level security vulnerability due to its potential for reflected cross-site scripting.
To fix CVE-2025-31086, update the Product Table by WBW plugin to version 2.1.5 or later.
CVE-2025-31086 affects all versions of the Product Table by WBW plugin up to and including version 2.1.4.
CVE-2025-31086 is a Cross-site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages.
The vendor for CVE-2025-31086 is WBW, specifically for their Product Table plugin for WordPress.