WordPress Plugin Vulnerabilities

Tablesome < 1.1.35.2 - Authenticated (Subscriber+) Information Exposure

Description

The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.35.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
tablesome
Fixed in 1.1.35.2

References

CVE
CVE-2025-68516
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/6f5f6931-aeda-4499-a1a4-9e80f730dad4

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
6.5 (medium)

Miscellaneous

Original Researcher
daroo
Verified
No
WPVDB ID
642f157c-f323-4c89-a8ac-a6365bc54108

Timeline

Publicly Published
2025-12-22 (about 5 months ago)
Added
2026-01-06 (about 4 months ago)
Last Updated
2026-01-06 (about 4 months ago)

Other

Published
Title
Published
2026-01-18
Title
Ninja Tables – Easy Data Table Builder < 5.2.6 - Authenticated (Contributor+) Information Exposure
Published
2025-12-04
Title
AI CoPilot < 1.2.8 - Authenticated (Contributor+) Information Exposure
Published
2025-09-22
Title
Qubely <= 1.8.14 - Authenticated (Contributor+) Sensitive Information Exposure
Published
2024-03-18
Title
WP Go Maps < 9.0.35 - Information Exposure to Potential Denial of Service
Published
2025-04-07
Title
Accept SagePay Payments Using Contact Form 7 < 2.1 - Unauthenticated Information Exposure