CVE-2025-5096 – TablePress for WordPress DOM-Based Stored Cross-Site Scripting Vulnerability

May 23, 2025

CVE ID : CVE-2025-5096

Published : May 23, 2025, 9:15 a.m. | 3 hours, 24 minutes ago

Description : The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘data-caption’, ‘data-s-content-padding’, ‘data-s-title’, and ‘data-footer’ data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13945 – ASPECT Stored Path Traversal Vulnerability

Next Article CVE-2025-47149 – i-FILTER Anti-Virus & Sandbox Pattern File Validation Remote Code Execution/DoS Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-5096 – TablePress for WordPress DOM-Based Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

The 10-20-30 Rule: Does It Still Apply to Modern Presentations?

The 50+ best Black Friday Walmart deals 2024: Early sales live now

Playwright E2E Testing: A Fast & Practical Introduction

8 Excellent Free Books to Learn Julia

How to create system restore points on Linux with Timeshift – and why you should

Palworld creators announce new publishing company—with a horror game as first project

The Samsung Galaxy S25 Ultra was nearly unusable for me – until I downloaded this one app

Multimodal Autoregressive Pre-Training of Large Vision Encoders

CVE-2025-5096 – TablePress for WordPress DOM-Based Stored Cross-Site Scripting Vulnerability

Related Posts