WordPress Plugin Vulnerabilities

TablePress <= 1.8 - Authenticated XML External Entity (XXE)

Description

The TablePress WordPress plugin was affected by an Authenticated XML External Entity (XXE) security vulnerability.

Affects Plugins

Plugin icon
tablepress
Fixed in 1.8.1

References

CVE
CVE-2017-10889
URL
https://jvn.jp/en/jp/JVN05398317/index.html
URL
https://github.com/TobiasBg/TablePress/

Classification

Type
XXE
OWASP top 10
A4: XML External Entities (XXE)
CWE
CWE-611
CVSS
4.3 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
2eb820c0-1d68-411d-a30b-505d658db8d7

Timeline

Publicly Published
2017-11-14 (about 8 years ago)
Added
2017-11-23 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-10-07
Title
TablePress < 2.4.3 - XXE Injection
Published
2025-04-04
Title
Easy Google Maps < 1.11.19 - Author+ XML Entity Injection
Published
2025-06-03
Title
Category Icon <= 1.0.3 - Author+ XML External Entity Injection
Published
2014-08-01
Title
Advanced XML Reader 0.3.4 - XML External Entity (XXE) Injection
Published
2013-06-21
Title
WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)