Table & Contact Form 7 Database – Tablesome < 1.0.34 – Unauthenticated Sensitive Information Exposure | CVE 2024-37498 | Plugin Vulnerabilities

Description

The Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.33 due to insufficient capability checks on the get_export_table_props function. This makes it possible for unauthenticated attackers to extract potentially sensitive information from tables.

Affects Plugins

Fixed in 1.0.34

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/5b680158-0752-46bd-a5bb-343b65c0aeb4

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Peng Zhou

Verified

No

WPVDB ID

7bb137df-34ba-4880-8c39-e31631d70829

Timeline

Publicly Published

2024-07-04 (about 1 year ago)

Added

2024-07-11 (about 1 year ago)

Last Updated

2024-07-11 (about 1 year ago)

Other

Published

Title

Published

2023-09-22

Title

Easy Registration Forms <= 2.1.1 - Subscriber+ Information Disclosure via Shortcode

Published

2025-05-01

Title

Yame | Link In Bio <= 0.9.0 - Unauthenticated Information Exposure

Published

2025-12-31

Title

Varnish/Nginx Proxy Caching <= 1.8.3 - Unauthenticated Information Exposure

Published

2024-08-08

Title

affiliate-toolkit < 3.6 - Unauthenticated Full Path Dislcosure

Published

2025-07-16

Title

JetTabs < 2.2.9.1 - Authenticated (Subscriber+) Information Exposure