WordPress TablePress Plugin < 2.1.5 is vulnerable to Cross Site Scripting (XSS)

Software TablePress Type Plugin Vulnerable versions 2.1.5 Fixed in 2.1.5 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer TablePress PSID c2fdd4fab849 Credits Rafie Muhammad Patchstack Required privilege...

WordPress TablePress Plugin <= 1.14 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.170205";...

TablePress Plugin vulnerable to Cross-site Scripting

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

GHSA-9MF2-HPJ4-RW3R TablePress Plugin vulnerable to Cross-site Scripting

A cross-site scripting vulnerability was found in an unknown function of the component Table Import Handler. The manipulation of the argument Import data leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

PT-2022-24120 · WordPress · Tablepress

Name of the Vulnerable Software and Affected Versions: TablePress Plugin affected versions not specified Description: A cross-site scripting issue was found in the Table Import Handler component. The manipulation of the Import data argument leads to cross-site scripting. It is possible to launch...

WordPress Plugin TablePress 1.14 - CSV Injection

Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Date: 07/09/2021 Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install...

WordPress TablePress 1.14 CSV Injection

Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Date: 07/09/2021 Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install...

WordPress TablePress 1.14 Plugin- CSV Injection Vulnerability

Exploit Title: WordPress Plugin TablePress 1.14 - CSV Injection Exploit Author: Nikhil Kapoor Vendor Homepage: Software Link: https://wordpress.org/plugins/tablepress/ Version: 1.14 Category: Web Application Tested on Windows How to Reproduce this Vulnerability: 1. Install WordPress 5.8.0 2...

WordPress TablePress Plugin < 1.10 CSV Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.112685";...

WordPress TablePress CSV Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL.WordPress plugin TablePress is a table plugin that allows you to easily create and manage beautiful tables...

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

Design/Logic Flaw

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users...

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

CVE-2019-20180

The CVE-2019-20180 entry concerns the WordPress TablePress plugin, version 1.9.2. The documented issue is a CSV injection in tablepress[data] that can be triggered by Editor users when exporting data, with the underlying claim that the vulnerability arises from how CSV is opened by the target app...

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

PT-2020-10361 · Tablepress · Tablepress

Name of the Vulnerable Software and Affected Versions: TablePress plugin version 1.9.2 Description: The issue allows tablepressdata CSV injection by Editor users. This could potentially lead to malicious actions when the CSV file is opened by an application. Note that the vendor disputes this...

WordPress TablePress plugin <=1.8 - Authenticated XML External Entity (XXE) vulnerability

Authenticated XML External Entity XXE vulnerability found by Yuji Tounai of NTT Communications Corporation in WordPress TablePress plugin versions =1.8. Solution Update the WordPress TablePress plugin to the latest available version at least version 1.8.1...

WordPress TablePress Plugin XXE Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description scriptoid"1.3.6.1.4.1.25623.1.0.140537";...

Xxe

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity XXE attacks via unspecified vectors...