) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:tablepress:tablepress:1.1:*:*:*:*:wordpress:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-23825 |
TablePress is a table plugin for Wordpress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it is possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5. Published: January 30, 2024; 12:15:11 PM -0500 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
| CVE-2019-20180 |
The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Published: January 09, 2020; 4:15:11 PM -0500 |
V3.1: 6.8 MEDIUM V2.0: 6.0 MEDIUM |
| CVE-2017-10889 |
TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors. Published: November 17, 2017; 9:29:00 AM -0500 |
V3.0: 4.3 MEDIUM V2.0: 4.0 MEDIUM |