CVE-2024-12772: Ninja Tables < 5.0.17 - Admin+ Stored XSS

Description

The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.

Classification

CVE ID: CVE-2024-12772

Affected Products

Vendor: Unknown

Product: Ninja Tables

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-03-01 (when was this score calculated)

References

https://wpscan.com/vulnerability/7b6d0f95-6632-4079-8c1b-517a8d02c330/

Timeline

2025-02-01 00:30:20 UTC
CVE

Ninja Tables < 5.0.17 - Admin+ Stored XSS