Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection. This issue affects TableOn: from n/a through <= 1.0.5.1.
Published: 2025-11-06
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Improper Neutralization of Script‑Related HTML Tags in the RealMag777 TableOn posts‑table‑filterable plugin, allowing attackers to inject arbitrary JavaScript or HTML into the plugin’s output. This can lead to exploitation of the user’s browser, enabling credential theft, defacement, or malicious redirects. The weakness is classified as CWE‑80 and results in a cross‑site scripting vector.

Affected Systems

RealMag777’s TableOn posts‑table‑filterable plugin is affected in all releases up to and including version 1.0.5.1.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact potential, while the EPSS score of less than 1% suggests a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is through unauthenticated or authenticated front‑end input fields that are rendered by the plugin, where an attacker can supply malicious payloads that are not properly escaped.

Generated by OpenCVE AI on April 29, 2026 at 13:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the TableOn plugin to a version that includes the XSS fix.
  • If an immediate update is not available, deactivate the TableOn plugin until a patch is released to prevent exploitation.
  • Implement a web application firewall rule or modify the theme to escape any user‑generated content passed through the plugin output.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection. This issue affects TableOn: from n/a through <= 1.0.4.2.
  Values Added: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection. This issue affects TableOn: from n/a through <= 1.0.5.1.
Title
  Values Removed: WordPress TableOn plugin <= 1.0.4.2 - Content Injection vulnerability
  Values Added: WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Mon, 17 Nov 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 17 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Fri, 07 Nov 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared
  Values Added: Wordpress; Wordpress wordpress
Vendors & Products
  Values Added: Wordpress; Wordpress wordpress

Thu, 06 Nov 2025 16:00:00 +0000

Type Values Removed Values Added
Description
  Values Added: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RealMag777 TableOn posts-table-filterable allows Code Injection. This issue affects TableOn: from n/a through <= 1.0.4.2.
Title
  Values Added: WordPress TableOn plugin <= 1.0.4.2 - Content Injection vulnerability
Weaknesses
  Values Added: CWE-80
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T18:44:14.953Z

Reserved: 2025-09-25T15:34:44.964Z

Link: CVE-2025-60244

Vulnrichment

Updated: 2025-11-17T14:31:12.635Z

NVD

Status: Deferred

Published: 2025-11-06T16:16:07.217

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-60244

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T14:00:12Z