Description
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tablesome: from n/a through <= 1.1.34.
Published: 2025-12-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Essekia Tablesome plugin (tablesome) contains a missing authorization flaw that allows an attacker to exploit incorrectly configured access control security levels. The vulnerability enables unauthorized users to access or manipulate tables within the plugin, potentially leading to disclosure or modification of sensitive data stored in WordPress. The primary impact is loss of data confidentiality and integrity, with the possibility of disrupting normal plugin operations.

Affected Systems

The flaw affects the Essekia Tablesome plugin in all versions up to and including 1.1.34. The vulnerability is present in the core plugin code and does not require additional components.

Risk and Exploitability

The CVSS score of 4.3 indicates low severity, and the EPSS score of < 1% suggests a very low probability of exploitation at this time. It is not listed in CISA's KEV catalog. The likely attack vector is remote, via the WordPress web interface, targeting any authenticated or even unauthenticated user depending on the plugin’s exposure. Exploitation requires that the attacker can reach the plugin’s endpoints, and no additional software or system privileges are required beyond those needed to access the WordPress site.

Generated by OpenCVE AI on April 29, 2026 at 13:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Tablesome plugin to version 1.1.35 or later once the vendor releases an official fix.
  • If updating is not immediately possible, restrict the plugin’s endpoints so that only administrators or trusted roles can interact with its tables, effectively tightening the access control matrix.
  • Consider deactivating or uninstalling the Tablesome plugin on installations that do not require its functionality until the vulnerability is fully resolved.

Advisories

No advisories yet.

History

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Wed, 10 Dec 2025 22:15:00 +0000

Values Removed: (none)
Values Added:
  Metrics:
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}
    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Dec 2025 18:00:00 +0000

Values Removed: (none)
Values Added:
  First Time appeared: Essekia; Essekia tablesome Table; Wordpress; Wordpress wordpress
  Vendors & Products: Essekia; Essekia tablesome Table; Wordpress; Wordpress wordpress

Tue, 09 Dec 2025 14:30:00 +0000

Values Removed: (none)
Values Added:
  Description: Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tablesome: from n/a through <= 1.1.34.
  Title: WordPress Tablesome plugin <= 1.1.34 - Broken Access Control vulnerability
  Weaknesses: CWE-862
  References:

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:11:04.563Z

Reserved: 2025-12-04T04:07:13.046Z

Link: CVE-2025-66526

Vulnrichment

Updated: 2025-12-10T21:59:52.157Z

NVD

Status: Deferred

Published: 2025-12-09T16:18:19.740

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-66526

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T13:45:12Z

Weaknesses