WP Table Builder – WordPress Table Plugin < 1.5.0 – Authenticated (Contributor+) Stored Cross-Site Scripting | CVE 2024-43125 | Plugin Vulnerabilities

Description

The WP Table Builder – WordPress Table Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an HTML element in versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

wp-table-builder

Fixed in 1.5.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/9b63dc2f-0d2b-43c8-9dc1-9d202cc92767

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Phill Sav (Savphill)

Verified

No

WPVDB ID

99964686-3de7-47f4-91ce-0d123bb7438a

Timeline

Publicly Published

2024-08-07 (about 1 year ago)

Added

2024-08-14 (about 1 year ago)

Last Updated

2024-08-14 (about 1 year ago)

Other

Published

Title

Published

2022-01-26

Title

Embed Swagger <= 1.0.0 - Reflected Cross-Site Scripting

Published

2024-10-14

Title

Unlimited Addon For Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2026-02-04

Title

Essential Widgets < 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes

Published

2025-12-03

Title

Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting

Published

2025-09-22

Title

eZee Online Hotel Booking Engine <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting