Vulnerabilities and security researches forposts-table-filterable posts-table-filterable

Jun 07, 2024

CVE, Research URL: 3baac97a62718d22a0676a3b26aea087baf75743
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Sep 29, 2021
Research Description: TableOn – WordPress Posts Table Filterable [posts-table-filterable] < 1.0.1 WordPress TableOn – WordPress Posts Table Filterable plugin <= 1.0.0 - Reflected Cross-Scripting (XSS) vulnerability Reflected Cross-Scripting (XSS) vulnerability discovered in WordPress TableOn – WordPress Posts Table Filterable plugin (versions <= 1.0.0).
Affected versions: max 1.0.1.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32218
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Apr 04, 2025
Research Description: Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4.
Affected versions: max 1.0.4.
Status: vulnerable

Apr 13, 2025

CVE, Research URL: CVE-2025-32569
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Apr 11, 2025
Research Description: Deserialization of Untrusted Data vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Object Injection. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.2.
Affected versions: max 1.0.4.
Status: vulnerable

Apr 19, 2025

CVE, Research URL: CVE-2025-32592
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Apr 17, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Stored XSS. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.3.
Affected versions: max 1.0.4.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-5143
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Jun 21, 2025
Research Description: The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.4.2.
Status: vulnerable

Nov 10, 2025

CVE, Research URL: CVE-2025-60244
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Nov 06, 2025
Research Description: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection.This issue affects TableOn: from n/a through <= 1.0.4.2.
Affected versions: max 1.0.4.2.
Status: vulnerable

Jan 27, 2026

CVE, Research URL: CVE-2025-69316
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Jan 22, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.
Affected versions: max 1.0.4.2.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-3513
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: Apr 08, 2026
Research Description: The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tableon_button' shortcode in all versions up to and including 1.0.4.4. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'class', 'help_link', 'popup_title', and 'help_title'. The do_shortcode_button() function extracts these attributes without sanitization and passes them to TABLEON_HELPER::draw_html_item(), which concatenates attribute values into HTML using single quotes without escaping (line 29: $item .= " {$key}='{$value}'"). This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.5.
Status: vulnerable

May 30, 2026

CVE, Research URL: CVE-2026-42755
Home page URL: Security reports for TableOn – WordPress Posts Table Filterable
Application: TableOn – WordPress Posts Table Filterable
Date: May 27, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through <= 1.0.5.1.
Affected versions: max 1.0.5.1.
Status: vulnerable