Description
WordPress Plugin TablePress is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause Denial-of-Service condition. WordPress Plugin TablePress version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
http://jvn.jp/en/jp/JVN05398317/index.html
https://plugins.svn.wordpress.org/tablepress/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Social Networking & E-commerce Arbitrary File Upload (0.0.32)
WordPress Plugin Multiple Roles Cross-Site Request Forgery (1.3.1)
PHP Other Vulnerability (CVE-2007-1886)
Internet Information Services Other Vulnerability (CVE-2005-2089)
WordPress Plugin Your Text Manager Cross-Site Scripting (0.3.0)