VYPR

Table Of Contents

by WordPress

Source repositories

CVEs (8)

  • CVE-2025-58857HigSep 5, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS.This issue affects Table of content: from n/a through <= 1.5.3.1.

  • CVE-2025-27305MedFeb 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS.This issue affects Table of Contents Block: from n/a through <= 1.0.2.

  • CVE-2024-5029MedNov 21, 2024
    risk 0.31cvss 4.8epss 0.00

    The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

  • CVE-2024-5578MedNov 5, 2024
    risk 0.31cvss 4.8epss 0.00

    The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • CVE-2024-2218MedJun 14, 2024
    risk 0.30cvss 4.6epss 0.00

    The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…

  • CVE-2026-32343MedMar 13, 2026
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery.This issue affects Easy Table of Contents: from n/a through <= 2.0.80.

  • CVE-2026-25314MedFeb 19, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TOP Table Of Contents: from n/a through <= 1.3.31.

  • CVE-2024-5030LowNov 18, 2024
    risk 0.25cvss 3.8epss 0.00

    The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack