Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP Table Builder: from n/a through <= 2.0.5.
Published: 2025-04-11
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker able to inject malicious JavaScript via query parameters or form fields can trigger reflected XSS in the WP Table Builder plugin. The flaw arises from improper input neutralization during web page construction, allowing arbitrary script execution in the context of the victim’s browser. This can lead to session hijacking, cookie theft, or delivery of further malware, compromising user confidentiality and integrity.

Affected Systems

WordPress sites running the WP Table Builder plugin version 2.0.5 or earlier are affected. The issue applies to all installations of the plugin from its first release up to and including version 2.0.5.

Risk and Exploitability

The CVSS v3.1 score is 7.1, indicating a high severity for a reflected XSS vulnerability. The EPSS score is less than 1%, suggesting a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. The likely attacker model requires that the user visits a crafted URL or submits a crafted form input. No elevated privileges are needed, making the attack vector plausible for public web sites.

Generated by OpenCVE AI on May 1, 2026 at 10:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Table Builder to the latest available version, as newer releases contain the input sanitization fix.
  • If an update cannot be applied immediately, consider disabling or uninstalling the WP Table Builder plugin until a fix is released.
  • Employ a Web Application Firewall or implement a strict Content Security Policy to mitigate reflected XSS by blocking inline script execution.

Generated by OpenCVE AI on May 1, 2026 at 10:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-10749 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder wp-table-builder allows Reflected XSS.This issue affects WP Table Builder: from n/a through <= 2.0.5.
Title WordPress WP Table Builder plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability WordPress WP Table Builder plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

Wed, 04 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Wptablebuilder
Wptablebuilder wp Table Builder
CPEs cpe:2.3:a:wptablebuilder:wp_table_builder:*:*:*:*:*:wordpress:*:*
Vendors & Products Wptablebuilder
Wptablebuilder wp Table Builder

Tue, 15 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.

Fri, 11 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 11 Apr 2025 09:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Table Builder WP Table Builder allows Reflected XSS. This issue affects WP Table Builder: from n/a through 2.0.4.
Title WordPress WP Table Builder plugin <= 2.0.4 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wptablebuilder Wp Table Builder
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:25.166Z

Reserved: 2025-04-09T11:20:27.475Z

Link: CVE-2025-32598

cve-icon Vulnrichment

Updated: 2025-04-11T15:28:02.720Z

cve-icon NVD

Status : Modified

Published: 2025-04-11T09:15:30.710

Modified: 2026-04-23T15:29:11.013

Link: CVE-2025-32598

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T10:45:05Z

Weaknesses