WordPress Plugin Vulnerabilities

WP Table Builder < 1.3.10 - Reflected Cross-Site Scripting

Description

The plugin does not escape a page parameter before outputting it back in an admin dashboard page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
wp-table-builder
Fixed in 1.3.10

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
2b33da86-0de0-45c4-82ae-a0f76461f644

Timeline

Publicly Published
2021-09-27 (about 4 years ago)
Added
2021-09-27 (about 4 years ago)
Last Updated
2021-09-27 (about 4 years ago)

Other

Published
Title
Published
2015-06-12
Title
Yoast SEO < 2.2 - Authenticated Stored DOM XSS
Published
2025-09-22
Title
SQL Chart Builder <= 2.3.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-15
Title
Shortcodes and extra features for Phlox theme < 2.15.8 - Contributor+ Stored XSS via title_tag
Published
2024-06-21
Title
Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
Published
2024-12-04
Title
Contact Form Builder < 4.10.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode