CVE-2025-52727: 
WordPress vulnerability analysis and mitigation

The CSS3 Vertical Web Pricing Tables WordPress plugin (versions up to 1.9) contains a Cross-site Scripting (XSS) vulnerability identified as CVE-2025-52727. The vulnerability was discovered by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity and was publicly disclosed on July 1, 2025. This security issue affects all versions of the plugin through version 1.9 (Patchstack).

The vulnerability is classified as a Reflected Cross-Site Scripting (XSS) issue, stemming from improper neutralization of input during web page generation. It has been assigned a CVSS v3.1 score of 7.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is tracked under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the affected website. When visitors access the compromised site, these injected scripts would be executed in their browsers (Patchstack).

Site administrators are advised to update to version 2.0 or later of the CSS3 Vertical Web Pricing Tables plugin to resolve the vulnerability. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until the update can be applied (Patchstack).