cleantalk
Vulnerabilities and Security Researches

TablePress – Tables in WordPress made easy, CVE-2025-5096

CVE, Research URL

CVE-2025-5096

Home page URL

Security reports for TablePress – Tables in WordPress made easy

Application

TablePress – Tables in WordPress made easy

Published on
May 23, 2025
Research Description
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
bunny.net – WordPress CDN Plugin (CVE-2024-31361) , Jun 07, 2024
bunny.net – WordPress CDN Plugin (CVE-2025-48236) , May 22, 2025
New vulnerability
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
WP Image Mask (CVE-2025-48235) , May 23, 2025
TablePress – Tables in WordPress made easy (CVE-2025-5096) , May 23, 2025
Raisely Donation Form (CVE-2025-3781) , May 23, 2025
Simplelightbox (CVE-2024-5878) , May 23, 2025