Get Started

WordPress: DOM-Based Stored XSS via Data Attributes in TablePress Plugin

by the Hossted team
27.05.2025

In TablePress plugin for WordPress versions up to and including 3.1.2 a medium severity vulnerability CVE-2025-5096 was detected. This DOM-based stored XSS vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the data-caption, data-s-content-padding, data-s-title and data-footerattributes. To address this issue, users should upgrade TablePress plugin to versions 3.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5096.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR