8 matches found
CVE-2026-27126
Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...
CVE-2021-24898
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress EditableTable plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress EditableTable plugin versions prior to 0.1.4 have a cross-site scripting vulnerability that stems from the...
CVE-2021-24898
The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24898
CVE-2021-24898 concerns WordPress EditableTable plugin versions up to 0.1.4. Multiple connected sources confirm a stored Cross‑Site Scripting vulnerability caused by the plugin not sanitising or escaping table/column fields, enabling an attacker with high privileges to inject and execute JavaScri...
WordPress cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress EditableTable plugin versions prior to 0.1.4 have a cross-site scripting vulnerability that stems from the...
EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create a new EDTB and put the following payload in the Table Name, Column Name or Column...
EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create a new EDTB and put the following payload in the Table Name, Column Name or...