cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for table-of-contents-plus

Jun 19, 2025

Table of Contents Plus # PSC-2025-64575

PSC, Research URL

PSC-2025-64575

Date
Jun 19, 2025
Research Description
Table of Contents Plus is a powerful and user-friendly WordPress plugin designed to automatically generate structured, context-specific tables of contents (TOC) for long-form content and custom post types. Inspired by Wikipedia’s navigation standards, the plugin enhances readability and SEO by providing a logical content structure for users and search engines alike. Beyond a traditional TOC, it also offers built-in support for generating sitemaps of pages, categories, and posts across the site. With seamless shortcode functionality, advanced customization options, and robust theme compatibility, Table of Contents Plus is ideal for content-heavy websites and blogs seeking to improve user experience and page navigation. After undergoing rigorous security testing and static code analysis, the plugin has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, ensuring its compliance with high-level security standards and safe deployment on any WordPress installation.
Affected versions
Min -, max -.
Status
SAFE & CERTIFIED
Nov 06, 2024

Table of Contents Plus # CVE-2024-5578

CVE, Research URL

CVE-2024-5578

Date
Nov 05, 2024
Research Description
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Affected versions
Min -, max -.
Status
vulnerable
Oct 18, 2024

Table of Contents Plus # CVE-2024-49250

CVE, Research URL

CVE-2024-49250

Date
Oct 20, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus allows Cross Site Request Forgery. This issue affects Table of Contents Plus: from n/a through 2408.
Affected versions
Min -, max -.
Status
vulnerable
Jun 07, 2024

Table of Contents Plus # CVE-2023-44473

CVE, Research URL

CVE-2023-44473

Date
Oct 09, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.
Affected versions
Min -, max -.
Status
vulnerable

Table of Contents Plus # CVE-2022-4479

CVE, Research URL

CVE-2022-4479

Date
Jan 10, 2023
Research Description
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max -.
Status
vulnerable