CVE-2024-9595
TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site ScriptingThe TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the table cell content in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 58,038 live websites that are affected by CVE-2024-9595.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 58,038 live websites (32% of TablePress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 48 versions ( 70% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Oct 12, 2024
- Updated - Apr 8, 2026
Credits
- Max Boll (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-9595 United States | 11,761 websites |
 Germany | 7,274 websites |
 Japan | 6,342 websites |
 Russia | 4,379 websites |
 France | 3,202 websites |
 Italy | 2,237 websites |
 GB | 2,212 websites |
 Poland | 1,538 websites |
 Netherlands | 1,491 websites |
 Canada | 865 websites |
Website Distribution by TLD
Number of websites using CVE-2024-9595| .com | 19,352 websites |
| .de | 4,870 websites |
| .ru | 3,617 websites |
| .org | 2,940 websites |
| .net | 1,788 websites |
| .it | 1,606 websites |
| .fr | 1,495 websites |
| .jp | 1,437 websites |
| .nl | 1,310 websites |
| .co.uk | 1,287 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-9595
Top websites that are affected by CVE-2024-9595. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *** | |
| ****.br |  Brazil | *** | |
| *****.net | Canada | *** | |
| ****.******.com |  Singapore | *** | |
| *****.com | United States | *,*** | |
| ***.***.edu | United States | *,*** | |
| *****.com | United States | *,*** | |
| *********.org | United States | **,*** | |
| *******************.ro |  Romania | **,*** | |
| ****.****.br | Brazil | **,*** |
FAQ
CVE-2024-9595 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TablePress
A total of 58,038 websites have been identified as vulnerable to CVE-2024-9595, based on global website indexing conducted by WebTechSurvey.
The TablePress is affected by the CVE-2024-9595 vulnerability.
TablePress versions up to and including 2.4.2 are vulnerable to CVE-2024-9595.