ByteOS Network

wptableeditor

Source -

NVDCNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-48310

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-4.3||MEDIUM

EPSS-Not Assigned

Published-28 Aug, 2025 | 12:36

Updated-28 Aug, 2025 | 14:47

WordPress Table Editor plugin <= 1.6.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in wptableeditor Table Editor allows Cross Site Request Forgery. This issue affects Table Editor: from n/a through 1.6.4.

Vendor-wptableeditor

Product-Table Editor

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-13661

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.4||MEDIUM

EPSS-0.04% / 10.14%

7 Day CHG~0.00%

Published-30 Jan, 2025 | 13:41

Updated-31 Jan, 2025 | 18:08

Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditor_vtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor-wptableeditor wptableeditor

Product-table_editor Table Editor

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')