CVE-2023-1890

Name of the Vulnerable Software and Affected Versions Tablesome WordPress plugin versions prior to 1.0.9

Description The issue is related to the Tablesome WordPress plugin, which does not properly escape generated URLs before outputting them in attributes when certain notices are displayed. This leads to Reflected Cross-Site Scripting, allowing a remote attacker to conduct inter-site script attacks.

Recommendations For versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue. As a temporary workaround, consider disabling the display of notices that contain generated URLs until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation.