CVE-2025-5096
Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 2 projects
Description
The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
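An added example, not TablePress code and not part of the advisory: a triage check over stored post HTML that flags the four data-attributes named in the description when their entity-decoded value carries markup, inline event handlers, or script URLs. The pattern list, the function and class names, and the sample post are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attribute names taken from the CVE description.
AFFECTED_ATTRS = {"data-caption", "data-s-content-padding", "data-s-title", "data-footer"}

# Heuristic (assumption): markup, inline handlers or script URLs in a value
# that client-side script could later write into the page as HTML.
SUSPICIOUS = re.compile(r"<\s*[a-z!/]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


class DataAttrAuditor(HTMLParser):
    """Collects affected data-attributes whose decoded value looks like markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Attribute values arrive with character references already decoded,
        # matching what a browser exposes through element.dataset. An
        # entity-encoded value is therefore checked in its decoded form.
        for name, value in attrs:
            if name in AFFECTED_ATTRS and value and SUSPICIOUS.search(value):
                self.findings.append((self.getpos()[0], tag, name, value))


def audit_post_content(html):
    """Return (line, tag, attribute, decoded value) for each suspicious attribute."""
    auditor = DataAttrAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample post content (not taken from a real site).
SAMPLE_POST = """\
<a href="a.jpg" data-caption="Quarterly price list">ok</a>
<a href="b.jpg" data-caption="&lt;img src=x onerror=console.log(1)&gt;">encoded</a>
<div data-s-title="Team &amp; roles" data-footer="<b onmouseover=console.log(1)>x</b>">raw</div>
<span data-title="<i>not an affected attribute</i>">ignored</span>
"""

if __name__ == "__main__":
    for line, tag, name, value in audit_post_content(SAMPLE_POST):
        print(f"line {line}: <{tag}> {name} = {value!r}")
```

Run it over post content authored by Contributor-level accounts and above; a hit is a lead for manual review, not proof of exploitation.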
<p><strong>Boost your website with feature-rich tables that your visitors will love!</strong></p>
<p>TablePress is the most popular and highest-rated WordPress table plugin.</p>
<ul>
<li>Easily create, edit, and manage <strong>beautiful and modern</strong> data tables, from simple <strong>price lists</strong> to searchable <strong>directories, product and model tables, inventories, schedules</strong>, and research datasets.</li>
<li>Add live <strong>sorting</strong>, <strong>pagination</strong>, <strong>searching</strong>, and other interactive features that help visitors find what they’re looking for on any device.</li>
<li>Use any type of data and enrich your tables with <strong>images</strong>, <strong>links</strong>, and even <strong>math formulas</strong>.</li>
<li><strong>Import</strong> and <strong>export</strong> tables from/to <strong>Excel</strong>, CSV, HTML, and JSON files or URLs, including spreadsheet data from <strong>Google Sheets</strong>, <strong>Excel Online</strong>, and files stored on <strong>Dropbox</strong> or <strong>OneDrive</strong>.</li>
<li>Embed tables into posts, pages, or other site areas using the block editor, an Elementor widget, or Shortcodes.</li>
<li>All with <strong>no coding knowledge needed</strong>!</li>
</ul>
<p>Even <strong>more great features</strong> for you and your site’s visitors and <strong>priority email support</strong> are <strong>available</strong> with a Premium license plan of TablePress. <a href="https://tablepress.org/premium/?utm_source=wordpress.org&utm_medium=textlink&utm_content=readme" rel="nofollow ugc">Go check them out!</a></p>
<h4>Common use cases</h4>
<p>TablePress will handle a wide range of tables, from simple price lists to searchable directories and large datasets. Popular examples include:</p>
<ul>
<li>Product and model tables</li>
<li>Service and price lists</li>
<li>Directories and listings</li>
<li>Schedules and timetables</li>
<li>Participant and member lists</li>
<li>Inventories and collections</li>
<li>Comparison tables</li>
<li>Research and statistical data</li>
</ul>
<h4>Accessible and SEO-friendly tables</h4>
<p>TablePress creates accessible HTML tables whose content can be searched by visitors, WordPress search, and search engines alike. Interactive features like sorting, filtering, and pagination include accessibility enhancements for screen readers and other assistive technologies.<br />
This makes it easy for visitors to find relevant information, whether they are browsing a large directory, searching a product table, or using your site’s search function.</p>
<h4>More information</h4>
<p>Visit <a href="https://tablepress.org/" rel="nofollow ugc">tablepress.org</a> for more information, take a look at <a href="https://tablepress.org/demo/" rel="nofollow ugc">example tables</a>, or <a href="https://tablepress.org/demo/#try" rel="nofollow ugc">try TablePress on a free test site</a>. For latest news, <a href="https://twitter.com/TablePress" rel="nofollow ugc">follow @TablePress</a> on Twitter/X or subscribe to the <a href="https://tablepress.org/#newsletter" rel="nofollow ugc">TablePress Newsletter</a>.</p>
<h3>How to use TablePress</h3>
<p>After installing the plugin, you can create and manage tables on the “TablePress” screen in the WordPress Dashboard.</p>
<p>To insert a table into a post or page, add a “TablePress table” block in the block editor or a widget in the Elementor page builder and select the desired table or use Shortcodes with other page builders.</p>
<p>Beginner-friendly step-by-step <a href="https://tablepress.org/tutorials/" rel="nofollow ugc">tutorials, guides, and how-tos</a> show how to achieve common and popular tasks with TablePress.<br />
You can find examples for common styling changes via “Custom CSS” code on the <a href="https://tablepress.org/faq/" rel="nofollow ugc">TablePress FAQ page</a>.<br />
You may also add features like sorting, pagination, searching, filtering, alternating row colors, row highlighting, and more by enabling the corresponding options on a table’s “Edit” screen.</p>
<h3>Premium features</h3>
<p>Need additional functionality for larger tables or advanced use cases? Premium license plans for TablePress add features such as:</p>
<ul>
<li>Options for responsive tables</li>
<li>Advanced filtering and search</li>
<li>Fixed table headers and columns</li>
<li>Automatic periodic imports</li>
<li>Custom styling options</li>
<li>And much more</li>
</ul>
<p>Priority email support is also included. <a href="https://tablepress.org/premium/?utm_source=wordpress.org&utm_medium=textlink&utm_content=readme" rel="nofollow ugc">Check out the details on the TablePress website.</a></p>