Description
Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8.
Published: 2026-01-23
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is a missing authorization flaw in the Essekia Tablesome WordPress plugin that permits the exploitation of incorrectly configured access control security levels. An attacker who can invoke the plugin’s functions is able to bypass the intended access restrictions, potentially executing actions that should be limited to privileged users. The result is unauthorized access to the plugin’s data or configuration, which could lead to data disclosure or modification. The weakness corresponds to CWE‑862 – Missing Authorization.

Affected Systems

Essekia Tablesome plugin for WordPress, all released versions up to and including 1.2.8.

Risk and Exploitability

The CVSS score of 4.3 indicates medium severity. The EPSS score of <1% suggests exploitation is currently unlikely but not impossible. This vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers could exploit the flaw from a remote web session by sending crafted HTTP requests to the plugin’s endpoints that lack proper authorization checks. Once the exploit succeeds, the attacker can perform privileged actions such as reading, editing, or deleting data managed by Tablesome.

Generated by OpenCVE AI on April 28, 2026 at 22:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Essekia Tablesome plugin to a version newer than 1.2.8.
  • Ensure that WordPress user accounts accessing the plugin have the least privilege required, and consider removing or disabling the Tablesome plugin for accounts that do not need it.
  • Monitor the website’s access logs for unusual activity or requests targeting the Tablesome endpoint, and block suspicious patterns if necessary.

Generated by OpenCVE AI on April 28, 2026 at 22:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.6. Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.8.
Title WordPress Tablesome plugin <= 1.2.6 - Broken Access Control vulnerability WordPress Tablesome plugin <= 1.2.8 - Broken Access Control vulnerability
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2. Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.2.6.
Title WordPress Tablesome plugin <= 1.1.35.2 - Broken Access Control vulnerability WordPress Tablesome plugin <= 1.2.6 - Broken Access Control vulnerability

Mon, 26 Jan 2026 23:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 26 Jan 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 23 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Essekia Tablesome tablesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tablesome: from n/a through <= 1.1.35.2.
Title WordPress Tablesome plugin <= 1.1.35.2 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:48.764Z

Reserved: 2026-01-23T12:31:31.583Z

Link: CVE-2026-24524

cve-icon Vulnrichment

Updated: 2026-01-26T19:37:29.126Z

cve-icon NVD

Status : Deferred

Published: 2026-01-23T15:16:08.200

Modified: 2026-04-28T15:16:10.180

Link: CVE-2026-24524

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:30:41Z

Weaknesses