4 results (0.034 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.33. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en la base de datos Pauple Table & Contact Form 7 – Tablesome. Este problema afecta la base de datos Table & Contact Form 7 – Tablesome: desde n/a hasta 1.0.33. The Tablesome – Responsive Table, Woocommerce Automation, Email Log, Form Automation – Contact Form 7, Elementor, WPForms, Forminator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.33 due to insufficient capability checks on the get_export_table_props function. This makes it possible for unauthenticated attackers to extract potentially sensitive information from tables. • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-33-sensitive-data-exposure-via-api-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Pauple Table & Contact Form 7 Database – Tablesome.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.25. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Pauple Table & Contact Form 7 Database – Tablesome. Este problema afecta la base de datos Table & Contact Form 7 – Tablesome: desde n/a hasta 1.0.25. The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.25. This is due to missing or incorrect nonce validation on the publish_table() function. • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-25-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.27. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en Pauple Table & Contact Form 7 Database – Tablesome permite XSS reflejado. Este problema afecta la base de datos Table & Contact Form 7 – Tablesome: desde n/a hasta 1.0. 27. The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-27-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting The Tablesome plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via unescaped URLs in versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. WordPress Tablesome plugin versions prior to 1.0.9 suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •