CVE-2023-1890

MEDIUM NUCLEI

Tablesome WordPress <1.0.9 - XSS

Title source: llm

Description

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

Nuclei Templates (1)

Tablesome < 1.0.9 - Cross-Site Scripting

MEDIUMVERIFIEDby r3Y3r53

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/173727/WordPress-Tablesome-Cross-Site-Scripting.html

[Exploit] https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d

Scores

CVSS v3 6.1

EPSS 0.1082

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Status published

Products (1)

pauple/tablesome < 1.0.9

Published May 15, 2023

Tracked Since Feb 18, 2026