Lucene search

K

Wp-table Security Vulnerabilities

cve
cve

CVE-2024-2019

The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated...

7.5CVSS

6.7AI Score

0.001EPSS

2024-06-04 06:15 AM
2
cve
cve

CVE-2024-4700

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button element in all versions up to, and including, 1.4.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-21 10:15 AM
31
cve
cve

CVE-2024-34375

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through...

5.9CVSS

6.6AI Score

0.0004EPSS

2024-05-06 07:15 PM
35
cve
cve

CVE-2023-26535

Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15...

8.8CVSS

8.7AI Score

0.001EPSS

2023-11-22 02:15 PM
6
cve
cve

CVE-2022-46852

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6...

5.9CVSS

4.8AI Score

0.0005EPSS

2023-05-03 03:15 PM
15
cve
cve

CVE-2022-47602

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2...

6.5CVSS

5.2AI Score

0.001EPSS

2023-03-29 08:15 PM
14
cve
cve

CVE-2022-4491

The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high.....

5.4CVSS

5.4AI Score

0.001EPSS

2023-01-09 11:15 PM
28
cve
cve

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-21 11:15 AM
132
2
cve
cve

CVE-2013-1463

Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is...

5.4AI Score

0.004EPSS

2013-02-07 05:56 AM
40
cve
cve

CVE-2007-2484

PHP remote file inclusion vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the wpPATH...

7.5AI Score

0.046EPSS

2007-05-03 05:19 PM
22
cve
cve

CVE-2007-2483

Directory traversal vulnerability in js/wptable-button.php in the wp-Table 1.43 and earlier plugin for WordPress, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the wpPATH...

7.2AI Score

0.017EPSS

2007-05-03 05:19 PM
22