4 matches found
CVE-2026-3619
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...
CVE-2026-3619
The Sheets2Table WordPress plugin is affected by CVE-2026-3619 through the [sheets2table-render-table] shortcode; all versions up to 0.4.1 are vulnerable. The root cause is insufficient input sanitization and output escaping: the titles attribute value is passed through S2T_Functions::trim_array_...
CVE-2026-3619 Sheets2Table <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'titles' Shortcode Attribute
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...
PT-2026-26862
The Sheets2Table plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titles' shortcode attribute in the sheets2table-render-table shortcode in all versions up to and including 0.4.1. This is due to insufficient input sanitization and output escaping. Specifically, the...