34 matches found
CVE-2025-2685
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-2685 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
CVE-2025-2685 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...
WordPress TablePress Plugin < 2.3.2 SSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...
WordPress TablePress Plugin 2.0 < 2.1.5 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...
WordPress TablePress Plugin < 2.4.3 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...
WordPress TablePress Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software TablePress Type Plugin Vulnerable versions = 2.4.2 Fixed in 2.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9595 Patch priority Low CVSS severity Low 5.9 Developer TablePress PSID e1ecd7cf1ef2 Credits Max Boll b0lli Required privilege...
PT-2024-39710 · WordPress · Tablepress
Name of the Vulnerable Software and Affected Versions: TablePress – Tables in WordPress made easy plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting via the table cell content due to insufficient input sanitization and output...
WordPress TablePress Plugin <= 2.3.1 is vulnerable to Server Side Request Forgery (SSRF)
Software TablePress Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-4354 Patch priority Low CVSS severity Low 6.4 Developer TablePress PSID e683cfb42286 Credits Tobias Weißhaar kun19 Required privilege...
Server-side Request Forgery (SSRF)
tobiasbg/tablepress is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to insufficient filtering of user-supplied URLs during table imports. This vulnerability allows an attacker to make unauthorized network requests which potentially leads to Server-Side Request Forgery...
WordPress TablePress Plugin <= 2.2.4 is vulnerable to Server Side Request Forgery (SSRF)
Software TablePress Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2024-23825 Patch priority Low CVSS severity Low 3 Developer TablePress PSID 63d423a50b49 Credits isacaya Required privilege Author Publishe...
CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts
TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On...
CVE-2019-20180
The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...
PT-2020-10361 · Tablepress · Tablepress
Name of the Vulnerable Software and Affected Versions: TablePress plugin version 1.9.2 Description: The issue allows tablepressdata CSV injection by Editor users. This could potentially lead to malicious actions when the CSV file is opened by an application. Note that the vendor disputes this...