cleantalk
Vulnerabilities and Security Researches

Table of Contents Plus, CVE-2024-5578

CVE, Research URL

CVE-2024-5578

Home page URL

Security reports for Table of Contents Plus

Application

Table of Contents Plus

Published on
Nov 05, 2024
Research Description
The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions
Min -, max 2408.
Status
vulnerable
Previous vulnerability researches
Table of Contents Plus , Jun 19, 2025
Table of Contents Plus (CVE-2023-44473) , Jun 07, 2024
Table of Contents Plus (CVE-2022-4479) , Jun 07, 2024
Table of Contents Plus (CVE-2024-5578) , Nov 06, 2024
Table of Contents Plus (CVE-2024-49250) , Oct 18, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025