CVE-2025-11817

Name of the Vulnerable Software and Affected Versions Simple Tableau Viz versions up to and including 2.0

Description The Simple Tableau Viz plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'tableau' shortcode. This is caused by inadequate input sanitization and output escaping of user-provided attributes. Authenticated attackers with contributor-level access or higher can inject malicious web scripts into pages. These scripts will execute when a user visits the compromised page.

Recommendations Update Simple Tableau Viz to a version later than 2.0.