VYPR
Vendor

Tablepress

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2025-12324MedNov 4, 2025
    risk 0.42cvss 6.4epss 0.00

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `table` shortcode attributes in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping on user…

  • CVE-2025-9500MedAug 30, 2025
    risk 0.35cvss 6.4epss 0.00

    The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…

  • CVE-2024-4354MedJun 7, 2024
    risk 0.35cvss 6.4epss 0.00

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and…

  • CVE-2017-10889MedNov 17, 2017
    risk 0.28cvss 4.3epss 0.01

    TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

  • CVE-2025-5096May 23, 2025
    risk 0.00cvss epss 0.00

    The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and…

  • CVE-2025-2685Mar 27, 2025
    risk 0.00cvss epss 0.00

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible…

  • CVE-2024-9595Oct 12, 2024
    risk 0.00cvss epss 0.00

    The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-23825Jan 30, 2024
    risk 0.00cvss epss 0.01

    TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and…