Skip to main content

Tablepress

7 CVEs product

Monthly

CVE-2026-56051 HIGH This Week

Reflected cross-site scripting in the TablePress WordPress plugin (versions 3.3.1 and earlier) lets an unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, including the WordPress admin session context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported through Patchstack's WordPress vulnerability program.

XSS Tablepress
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-5096 MEDIUM PATCH This Month

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress PHP
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2025-2685 MEDIUM This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Tablepress PHP
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-9595 MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4354 MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
CVSS 3.1
6.4
EPSS
0.8%
CVE-2024-23825 MEDIUM POC PATCH This Month

TablePress is a table plugin for Wordpress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF WordPress Tablepress
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2017-10889 MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD
CVSS 3.0
4.3
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the TablePress WordPress plugin (versions 3.3.1 and earlier) lets an unauthenticated attacker inject script that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful exploitation can affect resources beyond the vulnerable component, including the WordPress admin session context. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported through Patchstack's WordPress vulnerability program.

XSS Tablepress
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress +1
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Tablepress +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Tablepress
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

The TablePress - Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Tablepress
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

TablePress is a table plugin for Wordpress. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF WordPress Tablepress
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Tablepress
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy