CVE-2024-9595
TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site ScriptingThe TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 109,234 live websites that are affected by CVE-2024-9595.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 109,234 live websites (58.13% of TablePress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 49 versions ( 81.67% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 12, 2024
- Updated - Oct 15, 2024
Credits
- Max Boll (finder)
CWE
CVE References
CWE References
CVE-2024-9595 usage by Country
 United States | 28,322 websites |
 Germany | 14,666 websites |
 Japan | 13,277 websites |
 France | 6,220 websites |
 Russia | 6,007 websites |
 GB | 3,660 websites |
 Netherlands | 2,728 websites |
 Poland | 2,677 websites |
 Italy | 2,006 websites |
 Switzerland | 1,558 websites |
CVE-2024-9595 usage by TLD
| .com | 38,075 websites |
| .de | 8,907 websites |
| .org | 6,115 websites |
| .ru | 5,381 websites |
| .net | 3,520 websites |
| .jp | 2,864 websites |
| .fr | 2,637 websites |
| .nl | 2,597 websites |
| .co.uk | 2,546 websites |
| .pl | 2,156 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-9595
Top websites that are affected by CVE-2024-9595. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *** | |
| *****.net |  Singapore | *** | |
| ****.******.com | Singapore | *** | |
| *********.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.me | United States | *,*** | |
| *****.com | United States | *,*** | |
| ***.***.edu | United States | *,*** | |
| *********.org | United States | **,*** | |
| ****.***.tr |  Turkey | **,*** |
FAQ
CVE-2024-9595 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TablePress
A total of 109,234 websites have been identified as vulnerable to CVE-2024-9595, discovered through global website indexing conducted by WebTechSurvey.
TablePress is susceptible to CVE-2024-9595 vulnerability.
TablePress versions before, and including, 2.4.2 are vulnerable to CVE-2024-9595.