CVE-2025-66096

Vulnerability Overview The Table Block by Tableberg WordPress plugin, versions 0.6.9 and earlier, contains a missing authorization vulnerability. This implies that security checks are absent on certain functions, allowing users without the appropriate permissions to access or modify resources that should be protected. [1]

Exploitation Details The vulnerability can be exploited by any attacker with network access to a WordPress site running an affected version. Since the missing authorization does not require authentication, it enables unauthenticated exploitation. This low barrier to entry makes the flaw attractive for mass-exploit campaigns targeting numerous websites. [1]

Impact and Severity An attacker exploiting this flaw could perform unauthorized actions, such as modifying table blocks or escalating privileges, though the exact impact depends on the specific missing control. The vulnerability holds a CVSS score of 4.3 (Medium), indicating moderate severity due to low attack complexity and no required privileges. Patchstack rates it as low impact but notes its use in mass attacks. [1]

Mitigation Users should update to version 0.6.10 or higher, which addresses the authorization issue. Patchstack users can enable automatic updates for this plugin. Given its active exploitation in campaigns, immediate patching is recommended. [1]