Description
Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Published: 2026-06-25
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an unauthenticated reflected cross-site scripting flaw in TablePress versions up to and including 3.3.1. An attacker can craft a URL that causes arbitrary script to execute in the web browser of any visitor who opens it on a page that uses TablePress, potentially resulting in session hijacking, defacement, or supply-chain attacks. The weakness is classified as CWE-79, improper neutralization of input during web page generation.

Affected Systems

The affected product is the WordPress TablePress plugin, version 3.3.1 and earlier. No specific operating system or PHP version constraints are listed; the issue affects any WordPress site running the plugin that has not been updated to 3.3.2 or later.

Risk and Exploitability

The CVSS score of 7.1 reflects a high-severity vulnerability that is exploitable without authentication (PR:N) but requires user interaction (UI:R): it is triggered when a user visits a crafted URL, so any visitor can be targeted. No EPSS score is available, so there is no quantitative estimate of exploitation probability, and KEV shows the vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog. The attack vector is a web-based request to a TablePress-enabled page.

Generated by OpenCVE AI on June 25, 2026 at 16:00 UTC.

Remediation

Vendor Solution

Update the WordPress TablePress Plugin to the latest available version (at least 3.3.2).


OpenCVE Recommended Actions

  • Update the TablePress plugin to version 3.3.2 or later using the vendor’s update mechanism
  • If an update is unavailable, remove or disable the TablePress plugin until a fix is applied
  • Consider deploying a web application firewall or a Content Security Policy (CSP) to mitigate reflected XSS attempts

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 23:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Tablepress; Tablepress tablepress; Wordpress; Wordpress wordpress
Vendors & Products | | Tablepress; Tablepress tablepress; Wordpress; Wordpress wordpress

Thu, 25 Jun 2026 14:00:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.
Title | | WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-25T13:12:42.167Z

Reserved: 2026-06-18T14:37:51.351Z

Link: CVE-2026-56051

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T23:00:13Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')