TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

A vulnerability within the TablePress WordPress plugin permits attackers to inject malicious scripts that run when somebody visits a compromised web page. It impacts all variations as much as and together with model 3.2.

TablePress WordPress plugin

The TablePress plugin is used on greater than 700,000 web sites. It permits customers to create and handle tables with interactive options like sorting, pagination, and search.

What Prompted The Vulnerability

The issue got here from lacking enter sanitization and output escaping in how the plugin dealt with the shortcode_debug parameter. These are fundamental safety steps that shield websites from dangerous enter and unsafe output.

The Wordfence advisory explains:

“The TablePress plugin for WordPress is susceptible to Saved Cross-Web site Scripting by way of the ‘shortcode_debug’ parameter in all variations as much as, and together with, 3.2 resulting from inadequate enter sanitization and output escaping.”

Enter Sanitization

Enter sanitization filters what customers sort into varieties or fields. It blocks dangerous enter, like malicious scripts. TablePress didn’t absolutely apply this safety step.

Output Escaping

Output escaping is comparable, nevertheless it works in the wrong way, filtering what will get output onto the web site. Output escaping prevents the web site from publishing characters that may be interpreted by browsers as code.

That’s precisely what can occur with TablePress as a result of it has inadequate enter sanitization , which permits an attacker to add a script , and inadequate escaping to forestall the web site from injecting malicious scripts into the stay web site. That’s what permits the saved cross-site scripting (XSS) assaults.

As a result of each protections have been lacking, somebody with Contributor-level entry or greater may add a script that will get saved and runs each time the web page is visited. The truth that a Contributor-level authorization is important mitigates the potential for an assault to a sure extent.

Plugin customers are really useful to replace the plugin to model 3.2.1 or greater.

Featured Picture by Shutterstock/Nithid

What's Hot

Sainsbury’s CMO Mark Given named Marketer of the Year

Tech and media layoffs in October 2025: Rivian, Meta, Paycom, NBC News, and more cut jobs this fall

Marketers confront the brand safety risks of AI-generated video

TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

E-commerce sites see low sales from ChatGPT traffic, new study finds

How And Why Google Rewrites Your Hard-Earned Headlines

Snapchat Expands Access to its Open Prompt AI Lens

Could the Next Hit Podcaster Be… Your CFO?

YouTube Expands Likeness Detection To All Monetized Channels

Reddit Launches Legal Action to Block AI Companies from Scraping its Data

Sainsbury’s CMO Mark Given named Marketer of the Year

Tech and media layoffs in October 2025: Rivian, Meta, Paycom, NBC News, and more cut jobs this fall

Marketers confront the brand safety risks of AI-generated video

DZOFILM Kicks Off Early Black Friday Deals with Up to 40% Off and Three Giveaway Rounds

Four ways to be more selfish at work

How to Create a Seamless Instagram Carousel Post

Up First from NPR : NPR

Meta Plans to Release New Oakley, Prada AI Smart Glasses

Our Picks

Sainsbury’s CMO Mark Given named Marketer of the Year

Tech and media layoffs in October 2025: Rivian, Meta, Paycom, NBC News, and more cut jobs this fall

Subscribe to Updates

What's Hot

TablePress WordPress Plugin Vulnerability Affects 700,000+ Sites

TablePress WordPress plugin

What Prompted The Vulnerability

Enter Sanitization

Output Escaping

Related Posts