
CVE-2024-13374 – WP Table Manager <= 4.1.3 - Missing Authorization to Authenticated (Subscriber+) Directory Traversal to Folder/File Name Disclosure
https://notcve.org/view.php?id=CVE-2024-13374
11 Feb 2025 — The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary file names and directories. • https://www.joomunited.com/wordpress-products/wp-table-manager • CWE-862: Missing Authorization •

CVE-2022-47601 – WordPress WP Table Manager plugin <= 3.5.2 - Broken Access Control
https://notcve.org/view.php?id=CVE-2022-47601
27 Jan 2023 — Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Table Manager: from n/a through 3.5.2. The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/wp-table-manager/vulnerability/wordpress-wp-table-manager-plugin-3-5-2-broken-access-control?_s_id=cve • CWE-862: Missing Authorization •

CVE-2022-47602 – WordPress WP Table Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-47602
27 Jan 2023 — Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions. The WP Table Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on table cell values. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a ... • https://patchstack.com/database/vulnerability/wp-table-manager/wordpress-wp-table-manager-plugin-3-5-2-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •