cleantalk
Vulnerabilities and Security Researches

TablePress – Tables in WordPress made easy, CVE-2025-2685

CVE, Research URL

CVE-2025-2685

Home page URL

Security reports for TablePress – Tables in WordPress made easy

Application

TablePress – Tables in WordPress made easy

Published on
Mar 27, 2025
Research Description
The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.1.
Status
vulnerable
Previous vulnerability researches
TablePress – Tables in WordPress made easy (CVE-2024-9595) , Oct 12, 2024
TablePress – Tables in WordPress made easy (CVE-2024-4354) , Jun 08, 2024
TablePress – Tables in WordPress made easy (CVE-2017-10889) , Jun 06, 2024
TablePress – Tables in WordPress made easy (CVE-2019-20180) , Jun 06, 2024
TablePress – Tables in WordPress made easy , Feb 17, 2025
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025