CVE-2025-13418
Responsive Pricing Table <= 5.1.12 - Authenticated (Author+) Stored Cross-Site ScriptingThe Responsive Pricing Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'plan_icons' parameter in all versions up to, and including, 5.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 4,594 live websites that are affected by CVE-2025-13418.
Affected Software
| Product |  Dk Pricr Responsive Pricing Table |
| Category | Wordpress Plugins |
| Vulnerable Domains | 4,594 live websites (100% of Dk Pricr Responsive Pricing Table install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 7, 2026
- Updated - Jan 7, 2026
Credits
- Itthidej Aramsri (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-13418 United States | 1,532 websites |
 Germany | 484 websites |
 GB | 316 websites |
 Netherlands | 274 websites |
 France | 269 websites |
 Spain | 135 websites |
 Italy | 115 websites |
 Canada | 115 websites |
 Poland | 110 websites |
 Australia | 89 websites |
Website Distribution by TLD
Number of websites using CVE-2025-13418| .com | 2,206 websites |
| .de | 246 websites |
| .co.uk | 227 websites |
| .nl | 185 websites |
| .net | 127 websites |
| .org | 120 websites |
| .fr | 115 websites |
| .com.au | 85 websites |
| .pl | 84 websites |
| .it | 80 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-13418
Top websites that are affected by CVE-2025-13418. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.com | United States | **,*** | |
| ***********************.be | Netherlands | **,*** | |
| *********.de | Germany | **,*** | |
| ******.com | United States | **,*** | |
| ********.com |  Chile | **,*** | |
| ***********.com | Germany | **,*** | |
| *************.com | United States | **,*** | |
| ****************.nl | Netherlands | ***,*** | |
| ***************.com | United States | ***,*** | |
| ***.***.edu | United States | ***,*** |
FAQ
CVE-2025-13418 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Dk Pricr Responsive Pricing Table
A total of 4,594 websites have been identified as vulnerable to CVE-2025-13418, based on global website indexing conducted by WebTechSurvey.
The Dk Pricr Responsive Pricing Table is affected by the CVE-2025-13418 vulnerability.
Dk Pricr Responsive Pricing Table versions up to and including 5.1.12 are vulnerable to CVE-2025-13418.