CVE-2026-56051

Name of the Vulnerable Software and Affected Versions TablePress versions prior to 3.3.2

Description An unauthenticated cross-site scripting (XSS) flaw allows malicious script content to be injected via user-controlled input rendered by the plugin. The issue stems from improper input validation and output escaping, which enables stored or reflected script execution in plugin-generated pages. A remote attacker can submit crafted payloads that execute client-side code in the browser of site visitors or administrators, potentially leading to session hijacking, credential theft, admin action forgery, and full site takeover.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.