Deze pagina is nog niet vertaald naar uw taal. We werken eraan — de inhoud wordt voorlopig in het Engels weergegeven.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2025-32218: Unauthorized Access in TableOn WordPress Plugin
Platform
wordpress
Component
posts-table-filterable
Opgelost in
1.0.6
CVE-2025-32218 affects the TableOn – WordPress Posts Table Filterable plugin, a popular WordPress extension. This vulnerability allows authenticated attackers, specifically those with Subscriber-level access or higher, to execute unauthorized actions within the plugin. The issue stems from a missing capability check, enabling privilege escalation. Affected versions include those prior to 1.0.6, with a fix released in version 1.0.6.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Impact en Aanvalsscenarioswordt vertaald…
The primary impact of CVE-2025-32218 is unauthorized access and potential data manipulation. An attacker with Subscriber privileges could leverage this vulnerability to modify table configurations, potentially exposing sensitive data or altering the plugin's functionality. While the attacker requires authentication, the ease of obtaining Subscriber access on many WordPress sites significantly broadens the attack surface. This could lead to defacement, data breaches, or even the injection of malicious code through the plugin's interface. The blast radius is limited to the scope of the plugin's functionality and the data it manages, but the potential for disruption and data compromise remains significant.
Uitbuitingscontextwordt vertaald…
CVE-2025-32218 is currently not listed on KEV or EPSS, indicating a low to medium probability of active exploitation. Public proof-of-concept (POC) code has not been widely reported. The vulnerability was published on 2025-04-04, and it’s possible that threat actors are actively analyzing it. Monitor WordPress security forums and vulnerability databases for any signs of exploitation.
Dreigingsinformatie
Exploit Status
EPSS
0.34% (56% percentiel)
CISA SSVC
CVSS-vector
Wat betekenen deze metrics?
- Attack Vector
- Netwerk — op afstand uitbuitbaar via internet. Geen fysieke of lokale toegang vereist.
- Attack Complexity
- Laag — geen speciale voorwaarden vereist. Betrouwbaar uitbuitbaar.
- Privileges Required
- Laag — elk geldig gebruikersaccount is voldoende.
- User Interaction
- Geen — automatische en stille aanval. Slachtoffer doet niets.
- Scope
- Ongewijzigd — impact beperkt tot het kwetsbare component.
- Confidentiality
- Geen — geen vertrouwelijkheidsimpact.
- Integrity
- Laag — aanvaller kan enkele gegevens met beperkte omvang aanpassen.
- Availability
- Geen — geen beschikbaarheidsimpact.
Getroffen Software
Zwakheidsclassificatie (CWE)
Tijdlijn
- Gereserveerd
- Gepubliceerd
- Gewijzigd
- EPSS bijgewerkt
Mitigatie en Workaroundswordt vertaald…
The primary mitigation for CVE-2025-32218 is to immediately upgrade the TableOn – WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the plugin's administrative interface to users with higher privileges. While a WAF or proxy rule cannot directly address the missing capability check, implementing strict access controls and monitoring plugin activity can help detect and prevent exploitation attempts. Regularly review user roles and permissions within WordPress to ensure the principle of least privilege is enforced.
Hoe te verhelpen
Update naar versie 1.0.6, of een nieuwere gepatchte versie
Veelgestelde vragenwordt vertaald…
What is CVE-2025-32218 — Unauthorized Access in TableOn WordPress Plugin?
CVE-2025-32218 is a medium severity vulnerability affecting the TableOn WordPress plugin. It allows authenticated attackers with Subscriber access to perform unauthorized actions due to a missing capability check, potentially leading to data manipulation or plugin compromise.
Am I affected by CVE-2025-32218 in TableOn WordPress Plugin?
You are affected if you are using TableOn WordPress Posts Table Filterable plugin versions equal to or less than 1.0.5.1. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2025-32218 in TableOn WordPress Plugin?
Upgrade the TableOn WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately possible, restrict access to the plugin's administrative interface to users with higher privileges.
Is CVE-2025-32218 being actively exploited?
Currently, there are no widespread reports of active exploitation. However, it's possible that threat actors are analyzing the vulnerability, so vigilance is advised.
Where can I find the official TableOn advisory for CVE-2025-32218?
Refer to the TableOn plugin's official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-32218.
Is jouw project getroffen?
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Detecteer deze CVE in je project
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Scan nu uw WordPress project — geen account
Upload een manifest (composer.lock, package-lock.json, WordPress pluginlijst…) of plak uw componentenlijst. U ontvangt direct een kwetsbaarheidsrapport. Een bestand uploaden is slechts het begin: met een account krijgt u continue monitoring, Slack/e-mail alerts, multi-project en white-label rapporten.
Sleep uw afhankelijkheidsbestand hierheen
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...