cleantalk
Vulnerabilities and Security Researches

TablePress – Tables in WordPress made easy, CVE-2019-20180

CVE, Research URL

CVE-2019-20180

Home page URL

Security reports for TablePress – Tables in WordPress made easy

Application

TablePress – Tables in WordPress made easy

Published on
Jan 10, 2020
Research Description
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress.
Affected versions
Min -, max 2.0.
Status
vulnerable
Previous vulnerability researches
TablePress – Tables in WordPress made easy (CVE-2024-9595) , Oct 12, 2024
TablePress – Tables in WordPress made easy (CVE-2024-4354) , Jun 08, 2024
TablePress – Tables in WordPress made easy (CVE-2017-10889) , Jun 06, 2024
TablePress – Tables in WordPress made easy (CVE-2019-20180) , Jun 06, 2024
TablePress – Tables in WordPress made easy , Feb 17, 2025
New vulnerability
wpForo Forum (CVE-2025-4406) , Jul 12, 2025
Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress (CVE-2025-6716) , Jul 12, 2025
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-6976) , Jul 12, 2025
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-6970) , Jul 12, 2025
Events Manager – Calendar, Bookings, Tickets, and more! (CVE-2025-6975) , Jul 12, 2025