CVE-2025-14610

Name of the Vulnerable Software and Affected Versions TableMaster for Elementor versions up to and including 1.3.6

Description The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be accessed when importing CSV data from a URL using the Data Table widget. Authenticated attackers with Author-level access or higher can make web requests to arbitrary locations, including localhost and internal network services. Sensitive files, such as wp-config.php, can be read through the csv url parameter.

Recommendations Update TableMaster for Elementor to a version later than 1.3.6.