PT-2026-1216 · WordPress · Flextable
Published 2026-01-05 · Updated 2026-01-05 · CVE-2025-9543
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
FlexTable WordPress plugin versions prior to 3.19.2
Description
The FlexTable WordPress plugin does not properly sanitise and escape imported links from Google Sheet cells. This could allow users with high privileges, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks. This is possible even when the unfiltered_html capability is disabled, for example, in a multisite setup.
Recommendations
Update the FlexTable WordPress plugin to version 3.19.2 or later.
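For sites that render imported spreadsheet links in their own code, the sketch below shows the kind of handling the description says was missing: a scheme allow-list plus output escaping, applied to every imported link cell regardless of the importing user's capabilities. It is an added example, not FlexTable's code or its 3.19.2 fix. The function names, the allow-list and the sample cells are assumptions, and inside WordPress the same job is done by esc_url() and esc_html().

```php
<?php
// Added example: hypothetical helpers, not taken from the FlexTable plugin.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto']; // assumed allow-list

/** Return the URL if it is safe to place in href, otherwise null. */
function safe_href(string $raw): ?string
{
    $url = trim($raw);
    // Reject control characters and whitespace, which can disguise a scheme.
    if ($url === '' || preg_match('/[\x00-\x20\x7F]/', $url)) {
        return null;
    }
    // Require an explicit scheme and compare it against the allow-list.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return null;
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true) ? $url : null;
}

/** Render one imported link cell (label text plus URL) as HTML. */
function render_link_cell(string $text, string $rawUrl): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    $label = htmlspecialchars($text, $flags, 'UTF-8');
    $href  = safe_href($rawUrl);
    if ($href === null) {
        return $label; // keep the text, drop the link
    }
    // Escape the URL for the attribute context so quotes cannot end it.
    return sprintf(
        '<a href="%s" rel="noopener noreferrer">%s</a>',
        htmlspecialchars($href, $flags, 'UTF-8'),
        $label
    );
}

// Constructed sample cells: a normal link, a script-scheme link,
// and a link whose label and URL contain markup characters.
$cells = [
    ['Docs', 'https://example.com/a?x=1&y=2'],
    ['Click', 'javascript:void(0)'],
    ['<b>Report</b>', 'https://example.com/?q="><i>'],
];
foreach ($cells as [$text, $url]) {
    echo render_link_cell($text, $url), PHP_EOL;
}
```

The second cell is emitted as plain text with no anchor, and the third keeps its link with the quote and angle brackets entity-encoded in both the label and the href.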
Affected Products
Flextable