CVE-2025-5143 – TableOn – WordPress Posts Table Filterable Stored Cross-Site Scripting

June 21, 2025

CVE ID : CVE-2025-5143

Published : June 21, 2025, 7:15 a.m. | 3 hours, 33 minutes ago

Description : The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6401 – TOTOLINK N300RH HTTP POST Message Handler Denial of Service Vulnerability

Next Article CVE-2025-6400 – TOTOLINK N300RH HTTP POST Message Handler Buffer Overflow Vulnerability

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-5143 – TableOn – WordPress Posts Table Filterable Stored Cross-Site Scripting

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

Activision once again draws the ire of players for new Diablo Immortal marketing that appears to have been made with generative AI

Feature Flags with Laravel Pennant

systemd Pilot is a GUI tool for managing systemd services

Stealth Falcon APT Exploits Microsoft RCE Zero-Day in Mideast

Critical Sudo Flaw (CVE-2025-32463, CVSS 9.3): Root Privilege Escalation & Host Bypass, PoC Available

Malicious npm Package Leverages Unicode Steganography, Google Calendar as C2 Dropper

What is the difference between CBT and SFT?

Microsoft’s June 2025 Patch Tuesday causes DHCP Server issues—Fix incoming

CVE-2025-5143 – TableOn – WordPress Posts Table Filterable Stored Cross-Site Scripting

Related Posts