Description
WordPress Plugin TablePress is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause Denial-of-Service condition. WordPress Plugin TablePress version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
http://jvn.jp/en/jp/JVN05398317/index.html
https://plugins.svn.wordpress.org/tablepress/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Yasr-Yet Another Stars Rating SQL Injection (0.9.0)
WordPress Plugin Tickera-WordPress Event Ticketing Unspecified Vulnerability (3.4.6.7)
WordPress Plugin The Plus Addons for Elementor Open Redirect (4.1.9)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3967)