PT-2024-20107 · Unknown · Tablepress
Isacaya · Published 2024-01-30 · Updated 2024-02-07 · CVE-2024-23825
CVSS v3.1: 3.0 (Low)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: TablePress versions prior to 2.2.5

Description: The issue arises from insufficient filtering of user-supplied URLs that TablePress fetches over HTTP when importing tables. This allows requests to be sent to unintended network locations and their responses to be read. In cloud environments such as AWS, an attacker could potentially make GET requests to the instance's metadata REST API, exposing internal data, including credentials, if the instance's configuration is insecure.

Recommendations: For versions prior to 2.2.5, update to version 2.2.5 to resolve the issue. As a temporary workaround, consider restricting user input for table import URLs to minimize the risk of exploitation.
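A defensive check of the kind the workaround above describes, as an added example (not TablePress code): it accepts an import URL only when it is http(s), carries no credentials, and its host resolves solely to publicly routable addresses, so the AWS metadata endpoint and other internal hosts are rejected. The hostnames and the offline resolver table are constructed for this example.

```python
import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

def system_resolver(host: str) -> list[str]:
    """Resolve a hostname to every address it maps to (A and AAAA records)."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def table_resolver(table: dict[str, list[str]]) -> Callable[[str], list[str]]:
    """Build an offline resolver from a constructed hostname -> addresses table.
    IP literals resolve to themselves, as a real resolver would."""
    def resolve(host: str) -> list[str]:
        try:
            ipaddress.ip_address(host)
            return [host]
        except ValueError:
            return table.get(host, [])
    return resolve

def is_safe_import_url(url: str, resolve: Callable[[str], Iterable[str]] = system_resolver) -> bool:
    """True only if the URL is http(s) and every address its host resolves to is
    public: private, loopback, link-local (169.254.169.254) and multicast are rejected.
    The fetch must then connect to a vetted address rather than re-resolve the name,
    or a DNS change between check and use would bypass this test."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username or parts.password or not parts.hostname:
        return False
    try:
        addrs = list(resolve(parts.hostname))
    except (OSError, UnicodeError):  # socket.gaierror is an OSError
        return False
    if not addrs:
        return False
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        # Unwrap IPv4-mapped IPv6 (::ffff:169.254.169.254) so the IPv4 rules apply.
        if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
            ip = ip.ipv4_mapped
        if not ip.is_global or ip.is_multicast:
            return False
    return True
```

Rejecting a host whose answer set mixes a public and a private address (as the test below does) closes the round-robin variant of the bypass.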

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-23825
GHSA-X8RF-C8X6-MRPG

Affected Products

Tablepress