WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin TablePress XML External Entity Injection (1.8)

Description

WordPress Plugin TablePress is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause Denial-of-Service condition. WordPress Plugin TablePress version 1.8 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.8.1 or latest

References

http://jvn.jp/en/jp/JVN05398317/index.html

https://plugins.svn.wordpress.org/tablepress/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin wpForo Forum Multiple Vulnerabilities (2.1.7)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2963)

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

MySQL Other Vulnerability (CVE-2004-0381)

IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1815)

Severity

High

Classification

CVE-2017-10889 CWE-611 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update