WP Compare Tables CVE-2025-28883
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Martin WP Compare Tables allows Stored XSS. This issue affects WP Compare Tables: from n/a through 1.0.5.
AnalysisAI
Cross-Site Request Forgery (CSRF) in WP Compare Tables plugin versions up to 1.0.5 enables attackers to chain CSRF with Stored XSS, allowing persistent malicious script injection via forged administrative requests. Reported by Patchstack, this vulnerability carries a 7.1 CVSS score with changed scope, indicating potential lateral impact beyond the vulnerable plugin. EPSS score of 0.05% (14th percentile) suggests low current exploitation probability, with no public exploit code or CISA KEV listing at time of analysis. Primary risk is targeted attacks against WordPress administrators through social engineering.
Technical ContextAI
This vulnerability exploits the lack of CSRF protection (CWE-352) in the WP Compare Tables WordPress plugin, enabling attackers to chain CSRF with Stored Cross-Site Scripting. The plugin fails to implement proper nonce validation or request verification tokens on administrative actions that accept user-controllable data, allowing malicious code injection into database-stored content. The CVSS scope change (S:C) indicates the injected XSS payload can execute in the context of site visitors beyond just the administrator who was CSRF'd, creating a two-stage attack: first compromise admin via CSRF, then leverage stored XSS to impact all users viewing the affected tables. WordPress plugins commonly store table configuration data in the wp_options or custom database tables without sufficient input sanitization or output encoding, creating persistent XSS vectors when combined with CSRF vulnerabilities.
Affected ProductsAI
WordPress WP Compare Tables plugin versions from unknown starting point through version 1.0.5 are confirmed vulnerable per Patchstack database. The vendor is Martin, and the vulnerability was reported by audit@patchstack.com. Full advisory details are available at https://patchstack.com/database/wordpress/plugin/wp-compare-tables/vulnerability/wordpress-wp-compare-tables-plugin-1-0-5-csrf-to-stored-xss-vulnerability. The starting version of the vulnerable range is not specified in available data, suggesting the vulnerability may exist in all versions up to and including 1.0.5.
RemediationAI
Update WP Compare Tables plugin to version 1.0.6 or later if available-verify current version status at official WordPress plugin repository or vendor website. No specific patched version is confirmed in the provided CVE data, so administrators should check https://patchstack.com/database/wordpress/plugin/wp-compare-tables/vulnerability/wordpress-wp-compare-tables-plugin-1-0-5-csrf-to-stored-xss-vulnerability for latest patch availability. If no patch exists, consider deactivating and removing the plugin if not business-critical. As compensating controls until patch deployment: implement Content Security Policy (CSP) headers with strict-dynamic and nonce-based script execution to mitigate stored XSS impact (trade-off: may break legitimate inline scripts requiring theme/plugin compatibility testing), restrict WordPress admin panel access to specific IP addresses via .htaccess or firewall rules (trade-off: reduces mobility for legitimate administrators), and educate administrators to never click links in emails or messages while logged into WordPress dashboard (trade-off: relies on human behavior which is unreliable). Deploy Web Application Firewall (WAF) rules to detect and block common CSRF patterns in POST requests to WordPress admin-ajax.php and admin-post.php endpoints (trade-off: potential false positives on legitimate admin actions requiring rule tuning).
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today