
34 matches found

OSV
added 2025/03/27 6:15 a.m. · 3 views

CVE-2025-2685

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 5.4 · AI score 7.9
Exploits 0 · References 3

Cvelist
added 2025/03/27 5:22 a.m. · 19 views

CVE-2025-2685 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 6.4 · EPSS 0.00247
Exploits 0 · References 3

Vulnrichment
added 2025/03/27 5:22 a.m. · 20 views

CVE-2025-2685 TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site Scripting

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

CVSS 6.4 · AI score 5.8 · EPSS 0.00247
Exploits 0 · References 3

OpenVAS
added 2025/02/10 12:00 a.m. · 8 views

WordPress TablePress Plugin < 2.3.2 SSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...

CVSS 6.4 · AI score 5.4 · EPSS 0.00368
Exploits 0 · References 1

OpenVAS
added 2025/02/10 12:00 a.m. · 16 views

WordPress TablePress Plugin 2.0 < 2.1.5 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...

CVSS 7.1 · AI score 7.4 · EPSS 0.00284
Exploits 0 · References 1

OpenVAS
added 2025/02/10 12:00 a.m. · 17 views

WordPress TablePress Plugin < 2.4.3 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tablepress:tablepress"; if description...

CVSS 7.5 · AI score 5.4 · EPSS 0.02859
Exploits 1 · References 2

Patchstack
added 2024/10/14 12:00 a.m. · 22 views

WordPress TablePress Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)

Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.4.2; Fixed in: 2.4.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9595; Patch priority: Low; CVSS severity: Low (5.9); Developer: TablePress; PSID: e1ecd7cf1ef2; Credits: Max Boll b0lli; Required privilege...

CVSS 6.4 · AI score 5.8 · EPSS 0.00288
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/10/12 12:00 a.m. · 5 views

PT-2024-39710 · WordPress · Tablepress

Name of the Vulnerable Software and Affected Versions: TablePress – Tables in WordPress made easy plugin for WordPress versions up to, and including, 2.4.2 Description: The issue is related to Stored Cross-Site Scripting via the table cell content due to insufficient input sanitization and output...

CVSS 6.4 · AI score 6 · EPSS 0.00288
Exploits 0 · References 5

Patchstack
added 2024/06/07 12:00 a.m. · 15 views

WordPress TablePress Plugin <= 2.3.1 is vulnerable to Server Side Request Forgery (SSRF)

Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.3.1; Fixed in: 2.3.2; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-4354; Patch priority: Low; CVSS severity: Low (6.4); Developer: TablePress; PSID: e683cfb42286; Credits: Tobias Weißhaar kun19; Required privilege...

CVSS 6.4 · AI score 6.9 · EPSS 0.00368
Exploits 0 · References 3 · Affected Software 1

Veracode
added 2024/01/31 6:30 a.m. · 15 views

Server-side Request Forgery (SSRF)

tobiasbg/tablepress is vulnerable to Server-side Request Forgery SSRF. The vulnerability is due to insufficient filtering of user-supplied URLs during table imports. This vulnerability allows an attacker to make unauthorized network requests which potentially leads to Server-Side Request Forgery...

CVSS 4.9 · AI score 6.8 · EPSS 0.00549
Exploits 1 · References 2 · Affected Software 1

Patchstack
added 2024/01/31 12:00 a.m. · 13 views

WordPress TablePress Plugin <= 2.2.4 is vulnerable to Server Side Request Forgery (SSRF)

Software: TablePress; Type: Plugin; Vulnerable versions: <= 2.2.4; Fixed in: 2.2.5; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2024-23825; Patch priority: Low; CVSS severity: Low (3); Developer: TablePress; PSID: 63d423a50b49; Credits: isacaya; Required privilege: Author; Publishe...

CVSS 4.9 · AI score 6.9 · EPSS 0.00549
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/01/30 4:22 p.m. · 8 views

CVE-2024-23825 TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts

TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On...

CVSS 3 · AI score 4.1 · EPSS 0.00549
Exploits 1 · References 2

Vulnrichment
added 2020/01/09 12:00 a.m. · 10 views

CVE-2019-20180

The TablePress plugin 1.9.2 for WordPress allows tablepressdata CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress...

AI score 7.3 · EPSS 0.02326
Exploits 0 · References 3

Positive Technologies
added 2020/01/09 12:00 a.m. · 4 views

PT-2020-10361 · Tablepress · Tablepress

Name of the Vulnerable Software and Affected Versions: TablePress plugin version 1.9.2 Description: The issue allows tablepressdata CSV injection by Editor users. This could potentially lead to malicious actions when the CSV file is opened by an application. Note that the vendor disputes this...

CVSS 6.8 · AI score 7.2 · EPSS 0.02326
Exploits 0 · References 9