Impact
The vulnerability is a Cross‑Site Request Forgery flaw in the Table Editor plugin for WordPress that allows an attacker to submit requests that change or delete table content without the user’s consent. Because the plugin accepts these requests without verifying the request’s origin or the user’s intent, a malicious actor can cause the plugin to alter data or trigger actions on behalf of a logged‑in administrator. The resulting impact is the unauthorized execution of actions that should be protected, potentially leading to data tampering or service disruption.
Affected Systems
All installations of the Table Editor plugin at version 1.6.4 or earlier are affected. The plugin is distributed under the names 'wptableeditor' and 'Table Editor', and any WordPress site running either at a version in that range is vulnerable. No specific operating system or PHP version constraints are mentioned, so the risk applies to any typical WordPress environment hosting the plugin.
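To check a site against the affected range, the following added example (not code from the plugin or from this advisory) reads the plugin headers under wp-content/plugins and flags Table Editor installs at or below 1.6.4. It assumes 'wptableeditor' is the plugin's directory name and 'Table Editor' its Plugin Name header; the sample tree, including its file names and the 1.7.0 version, is constructed.

```python
import re
import tempfile
from pathlib import Path

AFFECTED_MAX = (1, 6, 4)       # the page gives the affected range as <= 1.6.4
SLUG = "wptableeditor"         # assumption: plugin directory name
DISPLAY_NAME = "table editor"  # assumption: Plugin Name header, lower-cased
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def read_headers(php_file):
    """Return plugin headers from the first 8 KiB of a file (first match wins)."""
    headers = {}
    for key, value in HEADER.findall(php_file.read_text(errors="replace")[:8192]):
        headers.setdefault(key.lower(), value)
    return headers

def parse_version(text):
    """Turn '1.6.4' into (1, 6, 4); stop at the first part with no leading digits."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def audit(wp_root):
    """Return [(directory, version, status)] for each Table Editor install found."""
    findings = []
    plugins = Path(wp_root) / "wp-content" / "plugins"
    for plugin_dir in sorted(p for p in plugins.iterdir() if p.is_dir()):
        for php in sorted(plugin_dir.glob("*.php")):
            headers = read_headers(php)
            name = headers.get("plugin name")
            if name is None or (plugin_dir.name != SLUG and name.lower() != DISPLAY_NAME):
                continue
            version = parse_version(headers.get("version", ""))
            status = "unknown" if not version else (
                "affected" if version <= AFFECTED_MAX else "outside range")
            findings.append((plugin_dir.name, headers.get("version", ""), status))
    return findings

def build_sample(root):
    """Write a constructed plugin tree: file names and versions are sample data."""
    samples = {"wptableeditor/wptableeditor.php": ("Table Editor", "1.6.4"),
               "renamed-copy/main.php": ("Table Editor", "1.7.0"),
               "other-plugin/other.php": ("Other Plugin", "1.0.0")}
    for rel, (name, version) in samples.items():
        path = Path(root) / "wp-content" / "plugins" / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n")
```

Point `audit()` at a real WordPress root to list matching installs; a status of "unknown" means no parsable Version header was found and the install needs a manual check.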
Risk and Exploitability
The CVSS score of 4.3 corresponds to medium severity, and the EPSS score of less than 1% suggests that active exploitation is currently unlikely. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, which is consistent with its low exploit probability. The attack vector is inferred to rely on a legitimate user session: an attacker hosts a malicious payload that, when loaded by a user already authenticated to the WordPress site, sends a forged request to the plugin, exploiting the lack of CSRF protection.