Japan Vulnerability Notes (jvn), JVN:05398317
History: Nov 14, 2017 - 12:00 a.m.

JVN#05398317: WordPress plugin "TablePress" vulnerable to improper restriction of XML external entity (XXE) references

2017-11-14 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 4 Medium

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 4.3 Medium

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: LOW
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.0005 Low

  Percentile: 18.3%

The WordPress plugin “TablePress” is a plugin to create and manage tables on a WordPress site. TablePress contains a vulnerability where XML external entity (XXE) references are not properly restricted (CWE-611).

Impact

An arbitrary file on the server may be accessed by users who can access the configuration page of the plugin (users with Author or higher role).

Solution

Update the plugin
Update the plugin according to the information provided by the developer.

Products Affected

  • TablePress prior to version 1.8.1
