TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.