Description
WordPress Plugin TablePress is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause Denial-of-Service condition. WordPress Plugin TablePress version 1.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.8.1 or latest
References
http://jvn.jp/en/jp/JVN05398317/index.html
https://plugins.svn.wordpress.org/tablepress/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Relevanssi Premium-A Better Search Cross-Site Scripting (1.14.8)
WordPress Plugin Crayon Syntax Highlighter Local File Disclosure (2.6.10)
WordPress Plugin BibleGet I/O Unspecified Vulnerability (3.4)
WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)