CVE-2024-3282

The WP Table Builder WordPress plugin through 1.5.0 does not sanitise and escape some of its Table data, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:wptablebuilder:wp_table_builder:*:*:*:*:*:wordpress:*:*

History

17 May 2025, 02:06

Type Values Removed Values Added
CWE CWE-79
First Time Wptablebuilder wp Table Builder
Wptablebuilder
CPE cpe:2.3:a:wptablebuilder:wp_table_builder:*:*:*:*:*:wordpress:*:*
References () https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/ - () https://wpscan.com/vulnerability/12bf5e8e-24c9-48b9-b94c-c14ed60d7c15/ - Exploit, Third Party Advisory

Information

Published : 2024-08-23 06:15

Updated : 2025-05-17 02:06


NVD link : CVE-2024-3282

Mitre link : CVE-2024-3282

CVE.ORG link : CVE-2024-3282


JSON object : View

Products Affected

wptablebuilder

  • wp_table_builder
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')