CVE-2025-9543

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2025-9543

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

EUVD-2026-0836

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2025-9543 FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2025-9543

CVE-2025-9543 (FlexTable – Data Table Sync with Google Sheets): A stored cross-site scripting vulnerability exists in FlexTable WordPress plugin versions before 3.19.2 where unfiltered links imported from Google Sheet cells are not properly sanitized/escaped. This could allow a high-privilege use...

PT-2026-1216

Name of the Vulnerable Software and Affected Versions FlexTable WordPress plugin versions prior to 3.19.2 Description The FlexTable WordPress plugin does not properly sanitise and escape imported links from Google Sheet cells. This could allow users with high privileges, such as administrators, t...