Lucene search

K

WordPress Tables Security Vulnerabilities

cve
cve

CVE-2024-4354

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to make web...

6.4CVSS

6.6AI Score

0.001EPSS

2024-06-07 06:15 AM
24
cve
cve

CVE-2024-3821

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for...

7.3CVSS

7AI Score

0.0005EPSS

2024-06-01 09:15 AM
6
cve
cve

CVE-2024-3820

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the user supplied...

10CVSS

7.8AI Score

0.001EPSS

2024-06-01 09:15 AM
12
cve
cve

CVE-2024-4895

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it.....

4.7CVSS

6AI Score

0.001EPSS

2024-05-23 03:15 AM
28
cve
cve

CVE-2024-3750

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated...

8.8CVSS

7.1AI Score

0.001EPSS

2024-05-16 03:15 AM
25
cve
cve

CVE-2024-0591

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible.....

6.1CVSS

6.4AI Score

0.0004EPSS

2024-03-13 04:15 PM
31
cve
cve

CVE-2023-25453

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9...

7.1CVSS

6AI Score

0.0005EPSS

2023-08-30 04:15 PM
60
cve
cve

CVE-2022-47136

Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4...

8.8CVSS

9.2AI Score

0.001EPSS

2023-05-25 12:15 PM
21
cve
cve

CVE-2023-2500

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with...

8.8CVSS

8.8AI Score

0.002EPSS

2023-05-25 12:15 AM
25
cve
cve

CVE-2023-2498

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to...

6.4CVSS

5.3AI Score

0.001EPSS

2023-05-24 12:15 AM
26
cve
cve

CVE-2023-2496

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a...

7.5CVSS

8.1AI Score

0.003EPSS

2023-05-24 12:15 AM
31
cve
cve

CVE-2023-2494

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role....

8.8CVSS

8.2AI Score

0.001EPSS

2023-05-24 12:15 AM
25
cve
cve

CVE-2023-23708

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4...

6.5CVSS

5.3AI Score

0.0005EPSS

2023-05-03 01:15 PM
15
cve
cve

CVE-2022-46848

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1...

6.5CVSS

5.3AI Score

0.001EPSS

2023-03-28 08:15 AM
18
cve
cve

CVE-2022-4654

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-01-30 09:15 PM
22
cve
cve

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call.....

8.8CVSS

8.5AI Score

0.002EPSS

2022-07-18 05:15 PM
33
4
cve
cve

CVE-2022-1904

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site...

6.1CVSS

6AI Score

0.001EPSS

2022-06-27 09:15 AM
59
7
cve
cve

CVE-2021-36866

Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at...

4.8CVSS

4.8AI Score

0.001EPSS

2022-06-02 02:15 PM
51
6
cve
cve

CVE-2022-29432

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable...

4.8CVSS

5.1AI Score

0.001EPSS

2022-05-20 09:15 PM
49
2
cve
cve

CVE-2022-25618

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <=...

4.8CVSS

4.8AI Score

0.001EPSS

2022-04-04 08:15 PM
49
cve
cve

CVE-2021-25098

The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the...

6.5CVSS

6.3AI Score

0.001EPSS

2022-03-07 09:15 AM
51
cve
cve

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-21 11:15 AM
132
2
cve
cve

CVE-2021-24900

The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8CVSS

4.7AI Score

0.001EPSS

2022-02-01 01:15 PM
21
cve
cve

CVE-2015-9332

The uninstall plugin before 1.2 for WordPress has CSRF to delete all tables via the wp-admin/admin-ajax.php?action=uninstall...

6.5CVSS

6.5AI Score

0.001EPSS

2019-08-20 03:15 PM
18