CVE-2023-1890
MEDIUM NUCLEITablesome < 1.0.9 - Reflected Cross-Site Scripting via Unescaped Generated URLs
Title source: llmExploitation Summary
CVE-2023-1890 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting
Nuclei Templates (1)
Tablesome < 1.0.9 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html
Exploit exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d
Scores
CVSS v3
6.1
EPSS
0.0107
EPSS Percentile
60.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
Status
published
Products (1)
pauple/tablesome
< 1.0.9
Published
May 15, 2023
Tracked Since
Feb 18, 2026