CVE-2025-2685
TablePress – Tables in WordPress made easy <= 3.0.4 - Authenticated (Author+) Stored Cross-Site ScriptingThe TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
We have discovered 86,377 live websites that are affected by CVE-2025-2685.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 86,377 live websites (44% of TablePress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 55 versions ( 85% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Mar 27, 2025
- Updated - Mar 27, 2025
Credits
- SavPhill (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-2685 United States | 17,045 websites |
 Japan | 11,707 websites |
 Germany | 10,897 websites |
 Russia | 5,527 websites |
 France | 4,712 websites |
 GB | 3,496 websites |
 Italy | 3,023 websites |
 Netherlands | 2,326 websites |
 Poland | 2,147 websites |
 Canada | 1,346 websites |
Website Distribution by TLD
Number of websites using CVE-2025-2685| .com | 28,951 websites |
| .de | 7,356 websites |
| .ru | 4,620 websites |
| .org | 4,609 websites |
| .net | 2,809 websites |
| .jp | 2,476 websites |
| .it | 2,192 websites |
| .fr | 2,189 websites |
| .nl | 2,066 websites |
| .co.uk | 2,039 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-2685
Top websites that are affected by CVE-2025-2685. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *** | |
| ****.br |  Brazil | *** | |
| *****.net |  Singapore | *** | |
| ****.******.com | Singapore | *** | |
| ******.de | Germany | *,*** | |
| *******.org | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.me | United States | *,*** | |
| *****.com | United States | *,*** | |
| ***.***.edu | United States | *,*** |
FAQ
CVE-2025-2685 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in TablePress
A total of 86,377 websites have been identified as vulnerable to CVE-2025-2685, based on global website indexing conducted by WebTechSurvey.
The TablePress is affected by the CVE-2025-2685 vulnerability.
TablePress versions up to and including 3.0.4 are vulnerable to CVE-2025-2685.