{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69316", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:12:13.401Z", "datePublished": "2026-01-22T16:52:32.711Z", "dateUpdated": "2026-04-28T16:14:37.549Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "posts-table-filterable", "product": "TableOn", "vendor": "RealMag777", "versions": [{"changes": [{"at": "1.0.4.3", "status": "unaffected"}], "lessThanOrEqual": "1.0.4.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Skalucy | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:21:07.033Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.<p>This issue affects TableOn: from n/a through <= 1.0.4.2.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:37.549Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress TableOn plugin <= 1.0.4.2 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-23T21:16:06.486372Z", "id": "CVE-2025-69316", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T19:50:26.664Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-69316", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-23T21:16:06.486372Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-23T21:16:03.915Z"}}], "cna": {"title": "WordPress TableOn plugin <= 1.0.4.2 - Reflected Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Skalucy | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "RealMag777", "product": "TableOn", "versions": [{"status": "affected", "changes": [{"at": "1.0.4.3", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.0.4.2"}], "packageName": "posts-table-filterable", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:21:07.033Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.<p>This issue affects TableOn: from n/a through <= 1.0.4.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:14:00.553Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69316", "state": "PUBLISHED", "dateUpdated": "2026-04-27T19:50:26.664Z", "dateReserved": "2025-12-31T20:12:13.401Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-01-22T16:52:32.711Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n/a through <= 1.0.4.2."}, {"lang": "es", "value": "Neutralizaci\u00f3n Incorrecta de la Entrada Durante la Generaci\u00f3n de P\u00e1ginas Web ('cross-site scripting') vulnerabilidad en RealMag777 TableOn posts-table-filterable permite XSS Reflejado. Este problema afecta a TableOn: desde n/a hasta &lt;= 1.0.4.2."}], "id": "CVE-2025-69316", "lastModified": "2026-04-27T21:16:23.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2026-01-22T17:16:27.333", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/posts-table-filterable/vulnerability/wordpress-tableon-plugin-1-0-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:07:14.282390+00:00", "value": {"mitigation_remediation": ["Update the TableOn plugin to a version newer than 1.0.4.2 when released", "If an upgrade is not possible, disable or remove any functionality that accepts user supplied input that is reflected back without proper encoding", "Configure a Web Application Firewall to filter outbound data for unescaped script or malicious HTML fragments"], "summary": {"action": "Apply Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the RealMag777 TableOn posts\u2011filterable plugin installed with version 1.0.4.2 or earlier. No other WordPress plugins or core versions are affected.", "description_and_impact": "Improper neutralization of input caused a reflected XSS flaw in RealMag777 TableOn posts\u2011filterable plugin versions up to and including 1.0.4.2. The vulnerability allows an attacker to inject arbitrary HTML or JavaScript that is echoed back in the victim\u2019s browser, potentially enabling session hijacking, credential theft, or defacement of the site. The flaw meets CWE\u201179 and its impact is confined to the individual user who views the crafted request; it does not provide persistence or server\u2011side code execution.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity, driven by user interaction and state\u2011less exploitation. The EPSS score of <1% suggests that active exploitation is unlikely at present, and the flaw is not listed in the CISA KEV database. An attacker would need to supply a crafted query string or form input that the plugin reflects unescaped. The necessary conditions are external and remote, but user action (clicking a link or submitting a form) is required to trigger the XSS."}}}}, "created": "2026-01-23T16:28:33.639724+00:00", "updated": "2026-04-28T18:15:37.362451+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}