TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

A vulnerability within the TablePress WordPress plugin permits attackers to inject malicious scripts that run when somebody visits a compromised web page. It impacts all variations as much as and together with model 3.2.

TablePress WordPress plugin

The TablePress plugin is used on greater than 700,000 web sites. It permits customers to create and handle tables with interactive options like sorting, pagination, and search.

What Prompted The Vulnerability

The issue got here from lacking enter sanitization and output escaping in how the plugin dealt with the shortcode_debug parameter. These are fundamental safety steps that shield websites from dangerous enter and unsafe output.

The Wordfence advisory explains:

“The TablePress plugin for WordPress is susceptible to Saved Cross-Web site Scripting by way of the ‘shortcode_debug’ parameter in all variations as much as, and together with, 3.2 resulting from inadequate enter sanitization and output escaping.”

Enter Sanitization

Enter sanitization filters what customers sort into varieties or fields. It blocks dangerous enter, like malicious scripts. TablePress didn’t absolutely apply this safety step.

Output Escaping

Output escaping is comparable, nevertheless it works in the wrong way, filtering what will get output onto the web site. Output escaping prevents the web site from publishing characters that may be interpreted by browsers as code.

That’s precisely what can occur with TablePress as a result of it has inadequate enter sanitization , which permits an attacker to add a script , and inadequate escaping to forestall the web site from injecting malicious scripts into the stay web site. That’s what permits the saved cross-site scripting (XSS) assaults.

As a result of each protections have been lacking, somebody with Contributor-level entry or greater may add a script that will get saved and runs each time the web page is visited. The truth that a Contributor-level authorization is important mitigates the potential for an assault to a sure extent.

Plugin customers are really useful to replace the plugin to model 3.2.1 or greater.

Featured Picture by Shutterstock/Nithid

What's Hot

TikTok Adds Audio Messaging, Audio and Video Attachments for DMs

Here Are the Top States Where Seniors Outlive Retirement Funds

Best Air Fryer Toaster Oven of 2025

TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

TikTok Adds Audio Messaging, Audio and Video Attachments for DMs

WPP COO Andrew Scott to Depart at the End of the Year

Benefits of Family Counseling and How It Works

Instagram Adds More DM Management Tools

Perplexity Ad Chief Taz Patel Departs

Always Up-to-Date Guide to Social Media Video Specs 2025 [Facebook, Instagram, TikTok and more]

TikTok Adds Audio Messaging, Audio and Video Attachments for DMs

Here Are the Top States Where Seniors Outlive Retirement Funds

Best Air Fryer Toaster Oven of 2025

He Started Delivering Pizza In 1991 and Now Owns 270 Shops

Four ways to be more selfish at work

How to Create a Seamless Instagram Carousel Post

Up First from NPR : NPR

Meta Plans to Release New Oakley, Prada AI Smart Glasses

Our Picks

TikTok Adds Audio Messaging, Audio and Video Attachments for DMs

Here Are the Top States Where Seniors Outlive Retirement Funds

Subscribe to Updates

What's Hot

TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

TablePress WordPress plugin

What Prompted The Vulnerability

Enter Sanitization

Output Escaping

Related Posts