{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14610", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-12T20:18:16.786Z", "datePublished": "2026-01-28T05:30:19.732Z", "dateUpdated": "2026-04-08T17:31:53.135Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:31:53.135Z"}, "affected": [{"vendor": "bloompixel", "product": "TableMaster for Elementor \u2013 Advanced Responsive Tables for Elementor", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config.php via the 'csv_url' parameter."}], "title": "TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef07d6b0-ccdb-4b33-817f-6d4b3ad96243?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/trunk/modules/data-table/widgets/data-table.php#L446"}, {"url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/tags/1.3.6/modules/data-table/widgets/data-table.php#L446"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3442158%40tablemaster-for-elementor&new=3442158%40tablemaster-for-elementor&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "cweId": "CWE-918", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}, {"lang": "en", "type": "finder", "value": "Powpy"}, {"lang": "en", "type": "finder", "value": "Waris Damkham"}, {"lang": "en", "type": "finder", "value": "Varakorn Chanthasri"}, {"lang": "en", "type": "finder", "value": "Peerapat Samatathanyakorn"}, {"lang": "en", "type": "finder", "value": "Sopon Tangpathum (SoNaJaa)"}], "timeline": [{"time": "2026-01-05T08:21:43.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-27T17:21:05.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T20:50:13.706291Z", "id": "CVE-2025-14610", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T20:50:21.870Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14610", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-28T20:50:13.706291Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T20:50:18.827Z"}}], "cna": {"title": "TableMaster for Elementor <= 1.3.6 - Authenticated (Author+) Server-Side Request Forgery via 'csv_url' Parameter", "credits": [{"lang": "en", "type": "finder", "value": "Athiwat Tiprasaharn"}, {"lang": "en", "type": "finder", "value": "Itthidej Aramsri"}, {"lang": "en", "type": "finder", "value": "Powpy"}, {"lang": "en", "type": "finder", "value": "Waris Damkham"}, {"lang": "en", "type": "finder", "value": "Varakorn Chanthasri"}, {"lang": "en", "type": "finder", "value": "Peerapat Samatathanyakorn"}, {"lang": "en", "type": "finder", "value": "Sopon Tangpathum (SoNaJaa)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "bloompixel", "product": "TableMaster for Elementor \u2013 Advanced Responsive Tables for Elementor", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.3.6"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-05T08:21:43.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-27T17:21:05.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef07d6b0-ccdb-4b33-817f-6d4b3ad96243?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/trunk/modules/data-table/widgets/data-table.php#L446"}, {"url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/tags/1.3.6/modules/data-table/widgets/data-table.php#L446"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3442158%40tablemaster-for-elementor&new=3442158%40tablemaster-for-elementor&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config.php via the 'csv_url' parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-01-28T05:30:19.732Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14610", "state": "PUBLISHED", "dateUpdated": "2026-01-28T20:50:21.870Z", "dateReserved": "2025-12-12T20:18:16.786Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-28T05:30:19.732Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config.php via the 'csv_url' parameter."}, {"lang": "es", "value": "El plugin TableMaster para Elementor para WordPress es vulnerable a falsificaci\u00f3n de petici\u00f3n del lado del servidor en todas las versiones hasta la 1.3.6, inclusive. Esto se debe a que el plugin no restringe qu\u00e9 URLs pueden ser obtenidas al importar datos CSV desde una URL en el widget 'Data Table'. Esto hace posible que atacantes autenticados, con acceso de nivel Autor o superior, realicen peticiones web a ubicaciones arbitrarias, incluyendo localhost y servicios de red internos, y lean archivos sensibles como wp-config.php a trav\u00e9s del par\u00e1metro 'csv_url'."}], "id": "CVE-2025-14610", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-28T06:15:48.457", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/tags/1.3.6/modules/data-table/widgets/data-table.php#L446"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/tablemaster-for-elementor/trunk/modules/data-table/widgets/data-table.php#L446"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3442158%40tablemaster-for-elementor&new=3442158%40tablemaster-for-elementor&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ef07d6b0-ccdb-4b33-817f-6d4b3ad96243?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:59:00.930140+00:00", "value": {"mitigation_remediation": ["Update the TableMaster for Elementor plugin to version\u00a01.3.7 or later, where the CSV import URL filtering has been implemented.", "If an immediate update is not possible, disable the CSV import feature in the Data Table widget or remove the 'csv_url' parameter using a custom function to prevent arbitrary URL requests.", "Restrict the capability of Author and higher roles to reduce the number of users who can access the widget, or apply stricter access controls through role\u2011management plugins."], "summary": {"action": "Apply Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "Vendor bloompixel offers TableMaster for Elementor \u2013 Advanced Responsive Tables for Elementor. All plugin releases up to and including version\u00a01.3.6 are affected.", "description_and_impact": "The TableMaster for Elementor plugin for WordPress is vulnerable to Server\u2011Side Request Forgery in all versions up to 1.3.6. The flaw occurs because the plugin does not restrict the URLs that can be fetched when importing CSV data via the 'csv_url' parameter. An authenticated user with Author-level access and above can supply any URL, causing the plugin to perform web requests on their behalf. This allows the attacker to reach arbitrary locations, including localhost and internal network services, and read sensitive files such as wp-config.php. The weakness is a classic example of CWE\u2011918: Server\u2011Side Request Forgery.", "risk_and_exploitability": "The CVSS score of 7.2 indicates a medium severity flaw. The EPSS score of less than 1% suggests that, at the time of analysis, exploitation is unlikely but still possible. The vulnerability is not listed in the CISA KEV catalog. The attack vector requires an authenticated author\u2011level or higher attacker with access to the Data Table widget, who supplies a crafted 'csv_url' value. Once exploited, the attacker can read sensitive configuration files or access internal resources, leading to potential data exposure and compromise of the site\u2019s integrity."}}}}, "created": "2026-01-28T12:21:35.719981+00:00", "updated": "2026-04-20T21:00:12.968149+00:00", "vendors": ["bloompixel", "bloompixel$PRODUCT$tablemaster_for_elementor", "elementor", "elementor$PRODUCT$elementor", "wordpress", "wordpress$PRODUCT$wordpress"]}