CVE-2025-5096

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-5096
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5096.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-5096
Published
2025-05-23T09:15:21Z
Modified
2025-05-24T02:59:57.457518Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
[none]
Details

The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

Affected packages

Git / github.com/datatables/datatablessrc

Affected ranges

Type
GIT
Repo
https://github.com/datatables/datatablessrc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.0.1
1.10.0
1.10.0-beta.1
1.10.0-beta.2
1.10.0-rc.1
1.10.1
1.10.10
1.10.11
1.10.12
1.10.13
1.10.14
1.10.15
1.10.16
1.10.17
1.10.18
1.10.19
1.10.2
1.10.20
1.10.21
1.10.22
1.10.23
1.10.24
1.10.25
1.10.3
1.10.4
1.10.5
1.10.6
1.10.7
1.10.8
1.10.9
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.7.0

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.1.0
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1

ct_101.*

ct_101.0.10
ct_101.0.11
ct_101.0.12
ct_101.0.13
ct_101.0.14
ct_101.0.15
ct_101.0.16
ct_101.0.17
ct_101.0.18
ct_101.0.19
ct_101.0.2
ct_101.0.20
ct_101.0.21
ct_101.0.22
ct_101.0.23
ct_101.0.24
ct_101.0.25
ct_101.0.26
ct_101.0.27
ct_101.0.3
ct_101.0.4
ct_101.0.5
ct_101.0.6
ct_101.0.7
ct_101.0.8
ct_101.0.9

temp_101.*

temp_101.0.1