7 matches found
CVE-2024-23825
The CVE-2024-23825 entry concerns the WordPress TablePress plugin. It describes an SSRF flaw where user-provided URLs for table imports are insufficiently filtered, potentially causing the server to fetch from unintended network locations, including an AWS instance metadata REST API, risking exp...
CVE-2019-20180
The CVE-2019-20180 entry concerns the WordPress TablePress plugin, version 1.9.2. The documented issue is a CSV injection in tablepress[data] that can be triggered by Editor users when exporting data, with the underlying claim that the vulnerability arises from how CSV is opened by the target app...
CVE-2024-9595
The CVE-2024-9595 entry concerns the WordPress TablePress plugin. Affected: TablePress (WordPress plugin) versions up to and including 2.4.2. Vulnerable component: table cell content handling suffers from insufficient input sanitization and output escaping, enabling Stored Cross-Site Scripting. I...
CVE-2025-2685
The CVE-2025-2685 entry concerns the WordPress plugin TablePress (Tables in WordPress made easy). The connected document confirms a Stored Cross-Site Scripting vulnerability via the table-name parameter in all versions up to 3.0.4, caused by insufficient input sanitization and output escaping. Ex...
CVE-2017-10889
CVE-2017-10889 concerns the WordPress TablePress plugin. Multiple connected sources confirm that TablePress versions prior to 1.8.1 are vulnerable to an XML External Entity (XXE) attack due to XML entities not being properly restricted (CWE-611). The vulnerability can allow an attacker to access ...
CVE-2025-5096
The CVE-2025-5096 entry describes a DOM-based stored XSS vulnerability in the TablePress WordPress plugin, affecting all versions up to 3.1.2. The issue stems from insufficient input sanitization and output escaping in the data-caption, data-s-content-padding, data-s-title, and data-footer attrib...
CVE-2024-4354
CVE-2024-4354 concerns the WordPress plugin TablePress (