CVE-2024-3282

Summary

CVE-2024-3282 is a vulnerability affecting the WP Table Builder WordPress plugin up to version 1.5.0, which fails to properly sanitize and escape certain table data. This flaw allows high-privilege users, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in environments where the unfiltered_html capability is restricted, such as multisite setups. The vulnerability has a medium severity rating with a base score of 4.8 and requires user interaction for exploitation. To remediate this issue, users should update the WP Table Builder plugin to the latest version that addresses this vulnerability. If exploited, the vulnerability poses a risk of unauthorized data manipulation and could compromise the integrity of affected websites.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.