CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

108 matches found

TablePress < 2.4.3 - XXE Injection

The PHPSpreadsheet library used by the plugin is affected by an XXE as the security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel XLSX sheets, Server files...

7.5CVSS5.8AI score0.71632EPSS

Exploits1References4

Patchstack•added 2026/05/01 9:16 a.m.•1 views

WordPress TablePress – Tables in WordPress made easy plugin <= 3.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin TablePress versions = 3.0.2...

6.1CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/05 3:7 a.m.•6 views

CVE-2025-12324

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's table shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

6.4CVSS5AI score0.00034EPSS

Exploits0References1

Patchstack•added 2025/11/04 4:46 a.m.•2 views

WordPress TablePress plugin <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by Rafshanzani Suhada in WordPress Plugin TablePress versions = 3.2.4...

6.4CVSS5.8AI score0.00034EPSS

Exploits0References1Affected Software1

NVD•added 2025/11/04 3:15 a.m.•3 views

CVE-2025-12324

6.4CVSS0.00034EPSS

Exploits0References2

CVE•added 2025/11/04 2:26 a.m.•11 views

CVE-2025-12324

CVE-2025-12324 affects the WordPress plugin TablePress (versions up to 3.2.3). The vulnerability is a Stored Cross-Site Scripting via table shortcode attributes caused by insufficient input sanitization and output escaping. Exploitation requires at least contributor-level access; an attacker can ...

6.4CVSS4.7AI score0.00034EPSS

Exploits0References2

Cvelist•added 2025/11/04 2:26 a.m.•3 views

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS0.00034EPSS

Exploits0References2

Vulnrichment•added 2025/11/04 2:26 a.m.•6 views

CVE-2025-12324 TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

6.4CVSS4.7AI score0.00034EPSS

Exploits0References2

Positive Technologies•added 2025/11/04 12:0 a.m.•2 views

PT-2025-44915

Name of the Vulnerable Software and Affected Versions TablePress versions up to and including 3.2.3 Description The TablePress plugin for WordPress is susceptible to Stored Cross-Site Scripting through the table shortcode attributes. Insufficient input sanitization and output escaping on...

6.4CVSS5.2AI score0.00034EPSS

Exploits0References5

CNNVD•added 2025/11/04 12:0 a.m.•3 views

WordPress plugin TablePress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site...

6.4CVSS5.8AI score0.00034EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-2529

Malware in sbrugna...

4.3CVSS4.6AI score0.00296EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-10734

Malware in sbrugna...

6.8CVSS6.5AI score0.02739EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2025-26403