Cette page n'a pas encore été traduite dans votre langue. Affichage du contenu en anglais pendant que nous y travaillons.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2025-32218: Unauthorized Access in TableOn WordPress Plugin
Plateforme
wordpress
Composant
posts-table-filterable
Corrigé dans
1.0.6
CVE-2025-32218 affects the TableOn – WordPress Posts Table Filterable plugin, a popular WordPress extension. This vulnerability allows authenticated attackers, specifically those with Subscriber-level access or higher, to execute unauthorized actions within the plugin. The issue stems from a missing capability check, enabling privilege escalation. Affected versions include those prior to 1.0.6, with a fix released in version 1.0.6.
Détecte cette CVE dans ton projet
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Impact et Scénarios d'Attaquetraduction en cours…
The primary impact of CVE-2025-32218 is unauthorized access and potential data manipulation. An attacker with Subscriber privileges could leverage this vulnerability to modify table configurations, potentially exposing sensitive data or altering the plugin's functionality. While the attacker requires authentication, the ease of obtaining Subscriber access on many WordPress sites significantly broadens the attack surface. This could lead to defacement, data breaches, or even the injection of malicious code through the plugin's interface. The blast radius is limited to the scope of the plugin's functionality and the data it manages, but the potential for disruption and data compromise remains significant.
Contexte d'Exploitationtraduction en cours…
CVE-2025-32218 is currently not listed on KEV or EPSS, indicating a low to medium probability of active exploitation. Public proof-of-concept (POC) code has not been widely reported. The vulnerability was published on 2025-04-04, and it’s possible that threat actors are actively analyzing it. Monitor WordPress security forums and vulnerability databases for any signs of exploitation.
Renseignement sur les Menaces
Statut de l'Exploit
EPSS
0.34% (percentile 56%)
CISA SSVC
Vecteur CVSS
Que signifient ces métriques?
- Attack Vector
- Réseau — exploitable à distance via internet. Aucun accès physique ou local requis.
- Attack Complexity
- Faible — aucune condition spéciale requise. Exploitable de manière fiable.
- Privileges Required
- Faible — tout compte utilisateur valide est suffisant.
- User Interaction
- Aucune — attaque automatique et silencieuse. La victime ne fait rien.
- Scope
- Inchangé — impact limité au composant vulnérable.
- Confidentiality
- Aucun — aucun impact sur la confidentialité.
- Integrity
- Faible — l'attaquant peut modifier certaines données avec un impact limité.
- Availability
- Aucun — aucun impact sur la disponibilité.
Logiciel Affecté
Classification de Faiblesse (CWE)
Chronologie
- Réservé
- Publiée
- Modifiée
- EPSS mis à jour
Mitigation et Contournementstraduction en cours…
The primary mitigation for CVE-2025-32218 is to immediately upgrade the TableOn – WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the plugin's administrative interface to users with higher privileges. While a WAF or proxy rule cannot directly address the missing capability check, implementing strict access controls and monitoring plugin activity can help detect and prevent exploitation attempts. Regularly review user roles and permissions within WordPress to ensure the principle of least privilege is enforced.
Comment corriger
Mettre à jour vers la version 1.0.6, ou une version corrigée plus récente
Questions fréquentestraduction en cours…
What is CVE-2025-32218 — Unauthorized Access in TableOn WordPress Plugin?
CVE-2025-32218 is a medium severity vulnerability affecting the TableOn WordPress plugin. It allows authenticated attackers with Subscriber access to perform unauthorized actions due to a missing capability check, potentially leading to data manipulation or plugin compromise.
Am I affected by CVE-2025-32218 in TableOn WordPress Plugin?
You are affected if you are using TableOn WordPress Posts Table Filterable plugin versions equal to or less than 1.0.5.1. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2025-32218 in TableOn WordPress Plugin?
Upgrade the TableOn WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately possible, restrict access to the plugin's administrative interface to users with higher privileges.
Is CVE-2025-32218 being actively exploited?
Currently, there are no widespread reports of active exploitation. However, it's possible that threat actors are analyzing the vulnerability, so vigilance is advised.
Where can I find the official TableOn advisory for CVE-2025-32218?
Refer to the TableOn plugin's official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-32218.
Ton projet est-il affecté ?
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Détecte cette CVE dans ton projet
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Scannez votre projet WordPress maintenant — sans compte
scanZone.subtitle
Glissez-déposez votre fichier de dépendances
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...