WP Table Builder
Moderate fix1 remedy
cpe:2.3:a:wptablebuilder:wp_table_builder:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 2.0.12
WP Table Builder Stored Cross-Site Scripting Vulnerability
Vulnerability
Patched
A stored cross-site scripting vulnerability has been identified in the WP Table Builder WordPress plugin, affecting all versions through 2.0.12. The issue arises from inadequate input sanitization and output escaping on user-supplied attributes, particularly within the 'wptb' shortcode. This vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary scripts into pages, which are executed when users access those pages.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the page.
Reproduction
To reproduce this vulnerability, an authenticated user with contributor-level access or higher can use the 'wptb' shortcode to create a table. By injecting a script into the table's content, the script will be executed when the table is viewed, demonstrating the cross-site scripting vulnerability.
Remediation
Users are advised to update the WP Table Builder plugin to version 2.0.13 or later, where this vulnerability has been patched.
Added: Aug 15, 2025, 8:22 AM
Updated: Aug 15, 2025, 8:22 AM
Vulnerability Rating
Custom Algorithm
spread
5.2impact
1.7exploitability
6.4remediation
7.7relevance
0.3threat
4.8urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.