Description
Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tablesome Table Premium: from n/a through <= 1.1.23.
Published: 2025-10-22
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization check in the Essekia Tablesome Table Premium plugin. It enables attackers to invoke functionality that is not properly constrained by access control lists, potentially allowing unauthorized reading, modification, or deletion of content and the execution of privileged actions. This missing enforcement falls under CWE‑862, which is a classic broken access control weakness.

Affected Systems

Any WordPress site with Tablesome Table Premium version 1.1.23 or earlier installed is affected. The issue is confined to the plugin itself, so it affects only WordPress installations where the plugin is enabled and administrative or elevated user roles are present.

Risk and Exploitability

The CVSS score of 7.5 is rated High, while the EPSS score of <1% suggests that exploitation is currently unlikely but not impossible. The flaw is not listed in CISA’s KEV catalog, implying no widely reported active exploitation. The likely attack vector is inferred to be the delivery of crafted HTTP requests to the plugin’s endpoints, which may require an authenticated session or a user with a role that can trigger plugin actions. The CVSS vector recorded in this entry's history specifies PR:N and UI:N, meaning the score assumes that no privileges and no user interaction are required. Since the problem stems from improper enforcement of ACLs, the risk is elevated in environments where plugin permissions are not tightly controlled.

Generated by OpenCVE AI on May 1, 2026 at 06:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Tablesome Table Premium plugin to the latest version that fixes the authorization flaw (≥1.1.24).
  • Revoke unnecessary administrative or privileged roles granted to users of the plugin and review all access control settings to ensure that only users with legitimate business need can trigger the plugin’s features.
  • Monitor application logs for anomalous access patterns or unexpected use of the plugin’s functionality, and investigate any suspicious events promptly.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 23 Oct 2025 16:15:00 +0000

Type: Metrics
Values Removed:
  cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added:
  cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
  ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Oct 2025 10:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Wordpress; Wordpress wordpress

Wed, 22 Oct 2025 20:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added:
  cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Oct 2025 14:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Tablesome Table Premium: from n/a through <= 1.1.23.

Type: Title
Values Added: WordPress Tablesome Table Premium <= 1.1.23 - Broken Access Control Vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:02.040Z

Reserved: 2025-03-26T09:22:08.300Z

Link: CVE-2025-30944

Vulnrichment

Updated: 2025-10-22T19:47:33.189Z

NVD

Status: Deferred

Published: 2025-10-22T15:15:33.033

Modified: 2026-04-27T17:16:26.003

Link: CVE-2025-30944

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T06:15:10Z

Weaknesses