Table Of Contents
by WordPress
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58857 | | Hig | 0.46 | 7.1 | 0.00 | | Sep 5, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaizenCoders Table of content content-table allows Stored XSS. This issue affects Table of content: from n/a through <= 1.5.3.1. |
| CVE-2025-27305 | | Med | 0.42 | 6.5 | 0.00 | | Feb 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Achal Jain Table of Contents Block table-of-contents allows Stored XSS. This issue affects Table of Contents Block: from n/a through <= 1.0.2. |
| CVE-2024-5029 | | Med | 0.31 | 4.8 | 0.00 | | Nov 21, 2024 | The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. |
| CVE-2024-5578 | | Med | 0.31 | 4.8 | 0.00 | | Nov 5, 2024 | The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
| CVE-2024-2218 | | Med | 0.30 | 4.6 | 0.00 | | Jun 14, 2024 | The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example… |
| CVE-2026-32343 | | Med | 0.28 | 4.3 | 0.00 | | Mar 13, 2026 | Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Easy Table of Contents easy-table-of-contents allows Cross Site Request Forgery. This issue affects Easy Table of Contents: from n/a through <= 2.0.80. |
| CVE-2026-25314 | | Med | 0.28 | 4.3 | 0.00 | | Feb 19, 2026 | Missing Authorization vulnerability in WP Messiah TOP Table Of Contents top-table-of-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TOP Table Of Contents: from n/a through <= 1.3.31. |
| CVE-2024-5030 | | Low | 0.25 | 3.8 | 0.00 | | Nov 18, 2024 | The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack |