CVE-2026-6237

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

EUVD-2026-29401

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2026-39956

The Quick Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' attribute of the 'qtbl' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-1852

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

WordPress plugin Product Pricing Table by WooBeWoo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2025-12845 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent 0.5.4 - 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Information Exposure and Privilege Escalation

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the gettabledata function in versions 0.5.4 to 1.2.1. This makes it possible...

EUVD-2025-204661

The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'searchkey' parameter in all versions up to, and including, 5.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

CVE-2025-12960

The Simple CSV Table plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.1 via the href parameter in the csv shortcode. This is due to insufficient path validation before concatenating user-supplied input to a base directory path. This makes it...

CVE-2025-11499

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

CVE-2025-11499 Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent <= 1.1.32 - Unauthenticated Arbitrary File Upload

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the setfeaturedimagefromexternalurl function in all versions up to, and including, 1.1.32. This makes it possible f...

CVE-2025-11499

The CVE-2025-11499 entry concerns the Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent WordPress plugin. Affected component: set_featured_image_from_external_url(), with missing file type validation across all versions up to and including 1.1.32. Consequence: unauthen...

PT-2025-44715

Name of the Vulnerable Software and Affected Versions Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent versions up to and including 1.1.32 Description The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is susceptible...

EUVD-2020-30215

Malware in sbrugna...

EUVD-2007-2477

Malware in sbrugna...

EUVD-2017-11115

Malware in sbrugna...

EUVD-2022-30264

Malicious code in bioql PyPI...

EUVD-2024-44298

Malicious code in bioql PyPI...

Malicious code in rehype-headerless-table-plugin (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5f663df30b939e46c2ebd664fc1dae15c177895427b67b8b2b3d646b000bc64f The OpenSSF Package Analysis project identified...

CVE-2025-8604 WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wptb shortcode in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

PT-2025-33452 · WordPress · Wp Table Builder +1

Name of the Vulnerable Software and Affected Versions: WP Table Builder – WordPress Table Plugin versions up to and including 2.0.12 Description: The WP Table Builder – WordPress Table Plugin for WordPress is susceptible to Stored Cross-Site Scripting via the plugin’s wptb shortcode due to...