Cyber Resilience

CVE-2023-1890

Medium · Public PoC

Published: 15 May 2023
Modified: 24 January 2025
KEV Added:
Patch:
CVSS Score v3.1: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EPSS Score: 0.0817 (92.4th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-1890 is a medium-severity vulnerability of unspecified weakness type in Pauple Tablesome. Its CVSS base score is 6.1 (Medium).

Operationally, it ranks in the top 7.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

The Tablesome WordPress plugin before version 1.0.9 contains a reflected cross-site scripting vulnerability. The root cause is a failure to escape multiple generated URLs before they are emitted inside HTML attributes when plugin notices are rendered, allowing attacker-controlled content to be injected into the page output.

An unauthenticated attacker can supply a crafted URL that triggers the notices; when a victim interacts with the link, script executes in the context of the affected site. The flaw carries a CVSS 3.1 score of 6.1 and requires user interaction but no privileges, with changed scope and limited impact on confidentiality and integrity.

Public references, including entries on WPScan and Packet Storm, document the issue and provide proof-of-concept material. The associated EPSS score reached a peak of 0.1082 before receding to its current value of 0.0817.

Vulnerability details

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.

CWE(s): None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: pauple
Product: tablesome
Version: ≤ 1.0.9

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References