Table & Contact Form 7 Database – Tablesome < 1.0.26 – Cross-Site Request Forgery | CVE 2024-31388 | Plugin Vulnerabilities

Description

The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.25. This is due to missing or incorrect nonce validation on the publish_table() function. This makes it possible for unauthenticated attackers to publish tables via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

Fixed in 1.0.26

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9efb88e2-381f-4e26-80bb-1b034ffc1c91

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

thiennv

Verified

No

WPVDB ID

8eb400e6-00f3-4f2d-b890-fca1d4bae022

Timeline

Publicly Published

2024-04-10 (about 2 years ago)

Added

2024-04-16 (about 2 years ago)

Last Updated

2024-04-16 (about 2 years ago)

Other

Published

Title

Published

2023-07-17

Title

Premmerce < 1.3.17 - Cross-Site Request Forgery

Published

2025-12-30

Title

SearchAzon <= 1.4 - Cross-Site Request Forgery

Published

2023-07-11

Title

OptiMonk < 2.0.5 - Account ID Update via CSRF

Published

2025-06-19

Title

Live Sports Streamthunder <= 2.1 - Cross-Site Request Forgery

Published

2025-05-15

Title

WP2LEADS < 3.5.1 - Cross-Site Request Forgery