Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection. This issue affects Tablesome: from n/a through <= 1.2.3.
Published: 2026-03-05
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

This vulnerability is an SQL injection flaw in the Essekia Tablesome WordPress plugin that allows attackers to inject arbitrary SQL code into queries. The flaw stems from improper neutralization of special characters in user-supplied data, enabling a blind SQL injection attack. An attacker can exploit the vulnerability to read or modify sensitive data stored in the database, potentially compromising the confidentiality and integrity of the website’s contents.

Affected Systems

WordPress sites that have the Tablesome plugin version 1.2.3 or earlier installed are affected. All earlier plugin releases, from the initial release up to and including 1.2.3, are vulnerable. Site administrators should verify the plugin version regardless of the WordPress core version and consider the plugin a security risk until a fix is applied.

Risk and Exploitability

The vulnerability’s impact is remote SQL injection that can lead to data exfiltration or modification. It is unlikely to be actively exploited, as indicated by a very low EPSS score of less than 1%, and it is not listed in the CISA KEV catalog. Because the flaw is present in code that handles user input without adequate validation, a malicious actor could attempt exploitation without requiring authentication, but the low probability suggests that this vulnerability is unlikely to be a target for widespread attacks.

Generated by OpenCVE AI on April 16, 2026 at 05:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Tablesome to a version newer than 1.2.3; if no patch exists yet, remove the plugin from the live site.
  • Disable the Tablesome plugin or restrict its access to trusted administrative accounts until a fix is available.
  • Implement strict input validation on the WordPress site and configure the database user with the least privileges necessary for the plugin to operate; consider a firewall rule to block SQL injection patterns.

Generated by OpenCVE AI on April 16, 2026 at 05:11 UTC.

Advisories

No advisories yet.

History

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Essekia
Essekia tablesome
Wordpress
Wordpress wordpress
Vendors & Products Essekia
Essekia tablesome
Wordpress
Wordpress wordpress

Thu, 05 Mar 2026 06:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection. This issue affects Tablesome: from n/a through <= 1.2.3.
Title WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
Weaknesses CWE-89
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:12.771Z

Reserved: 2026-02-19T09:51:54.220Z

Link: CVE-2026-27373

Vulnrichment

Updated: 2026-03-09T17:53:47.941Z

NVD

Status: Awaiting Analysis

Published: 2026-03-05T06:16:26.753

Modified: 2026-03-09T18:16:19.603

Link: CVE-2026-27373

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T05:15:25Z

Weaknesses