Esta página ainda não foi traduzida para o seu idioma. Exibindo conteúdo em inglês enquanto trabalhamos nisso.
💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.
CVE-2025-32218: Unauthorized Access in TableOn WordPress Plugin
Plataforma
wordpress
Componente
posts-table-filterable
Corrigido em
1.0.6
CVE-2025-32218 affects the TableOn – WordPress Posts Table Filterable plugin, a popular WordPress extension. This vulnerability allows authenticated attackers, specifically those with Subscriber-level access or higher, to execute unauthorized actions within the plugin. The issue stems from a missing capability check, enabling privilege escalation. Affected versions include those prior to 1.0.6, with a fix released in version 1.0.6.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Impacto e Cenários de Ataquetraduzindo…
The primary impact of CVE-2025-32218 is unauthorized access and potential data manipulation. An attacker with Subscriber privileges could leverage this vulnerability to modify table configurations, potentially exposing sensitive data or altering the plugin's functionality. While the attacker requires authentication, the ease of obtaining Subscriber access on many WordPress sites significantly broadens the attack surface. This could lead to defacement, data breaches, or even the injection of malicious code through the plugin's interface. The blast radius is limited to the scope of the plugin's functionality and the data it manages, but the potential for disruption and data compromise remains significant.
Contexto de Exploraçãotraduzindo…
CVE-2025-32218 is currently not listed on KEV or EPSS, indicating a low to medium probability of active exploitation. Public proof-of-concept (POC) code has not been widely reported. The vulnerability was published on 2025-04-04, and it’s possible that threat actors are actively analyzing it. Monitor WordPress security forums and vulnerability databases for any signs of exploitation.
Inteligência de Ameaças
Status do Exploit
EPSS
0.34% (percentil 56%)
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Baixo — qualquer conta de usuário válida é suficiente.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Inalterado — impacto limitado ao componente vulnerável.
- Confidentiality
- Nenhum — sem impacto na confidencialidade.
- Integrity
- Baixo — o atacante pode modificar alguns dados com alcance limitado.
- Availability
- Nenhum — sem impacto na disponibilidade.
Software Afetado
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
- Modificada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2025-32218 is to immediately upgrade the TableOn – WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider temporarily restricting access to the plugin's administrative interface to users with higher privileges. While a WAF or proxy rule cannot directly address the missing capability check, implementing strict access controls and monitoring plugin activity can help detect and prevent exploitation attempts. Regularly review user roles and permissions within WordPress to ensure the principle of least privilege is enforced.
Como corrigir
Atualize para a versão 1.0.6, ou uma versão corrigida mais recente
Perguntas frequentestraduzindo…
What is CVE-2025-32218 — Unauthorized Access in TableOn WordPress Plugin?
CVE-2025-32218 is a medium severity vulnerability affecting the TableOn WordPress plugin. It allows authenticated attackers with Subscriber access to perform unauthorized actions due to a missing capability check, potentially leading to data manipulation or plugin compromise.
Am I affected by CVE-2025-32218 in TableOn WordPress Plugin?
You are affected if you are using TableOn WordPress Posts Table Filterable plugin versions equal to or less than 1.0.5.1. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2025-32218 in TableOn WordPress Plugin?
Upgrade the TableOn WordPress Posts Table Filterable plugin to version 1.0.6 or later. If upgrading is not immediately possible, restrict access to the plugin's administrative interface to users with higher privileges.
Is CVE-2025-32218 being actively exploited?
Currently, there are no widespread reports of active exploitation. However, it's possible that threat actors are analyzing the vulnerability, so vigilance is advised.
Where can I find the official TableOn advisory for CVE-2025-32218?
Refer to the TableOn plugin's official website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-32218.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Escaneie seu projeto WordPress agora — sem conta
Faça upload de qualquer manifesto (composer.lock, package-lock.json, lista de plugins WordPress…) ou cole sua lista de componentes. Receba um relatório de vulnerabilidades instantaneamente. Fazer upload de um arquivo é só o começo: com uma conta, você obtém monitoramento contínuo, alertas por Slack/email, relatórios multiprojeto e white-label.
Arraste e solte seu arquivo de dependências
composer.lock, package-lock.json, requirements.txt, Gemfile.lock, pubspec.lock, Dockerfile...