ThreatPress

WordPress Vulnerabilities Database

Back

WordPress TablePress plugin <=1.8 - Authenticated XML External Entity (XXE) vulnerability

Product
TablePress
Description
Authenticated XML External Entity (XXE) vulnerability found by Yuji Tounai of NTT Communications Corporation in WordPress TablePress plugin (versions <=1.8).
Solution
Update the WordPress TablePress plugin to the latest available version (at least version 1.8.1).
Classification
Type XML External Entity (XXE)
References
Plugin changelog
Japan Vulnerability Notes
CVE
Name CVE-2017-10889
Versions
Affected In <=1.8
Fixed In 1.8.1
Disclosure date
2017-11-26
Credits
Yuji Tounai of NTT Communications Corporation
Submitter
ThreatPress