cleantalk
Vulnerabilities and Security Researches

Table Editor, CVE-2024-13661

CVE, Research URL

CVE-2024-13661

Home page URL

Security reports for Table Editor

Application

Table Editor

Published on
Jan 30, 2025
Research Description
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.6.0.
Status
vulnerable
Previous vulnerability researches
Table Editor (CVE-2024-13661) , Feb 01, 2025
Table Editor (CVE-2025-48310) , Aug 30, 2025
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025