WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin TablePress XML External Entity Injection (1.8)

Description

WordPress Plugin TablePress is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause Denial-of-Service condition. WordPress Plugin TablePress version 1.8 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.8.1 or latest

References

http://jvn.jp/en/jp/JVN05398317/index.html

https://plugins.svn.wordpress.org/tablepress/trunk/readme.txt

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14239)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9128)

XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-29517)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986)

Apache HTTP Server Other Vulnerability (CVE-2004-0942)

Severity

High

Classification

CVE-2017-10889 CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update