CVE-2013-1463 in WP-Table Reloadedinfo

Summary

by MITRE • 01/25/2023

Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be the same vulnerability as CVE-2013-1808. If so, it is likely that CVE-2013-1463 will be REJECTed.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 04/03/2025

The vulnerability identified as CVE-2013-1463 represents a cross-site scripting flaw within the WP-Table Reloaded WordPress module, specifically affecting versions prior to 1.9.4. This security weakness resides in the js/tabletools/zeroclipboard.swf component of the plugin, which is utilized for clipboard functionality in table operations. The vulnerability stems from inadequate input validation and sanitization of user-supplied data, particularly when processing the id parameter through the flash-based clipboard utility. Attackers can exploit this weakness by injecting malicious web scripts or HTML content that gets executed in the context of other users' browsers who access affected tables. The vulnerability is classified under CWE-79 as a classic cross-site scripting attack, where untrusted data flows from a web application into a web browser without proper sanitization or encoding.

The operational impact of this vulnerability extends beyond simple script injection, as it can enable attackers to perform various malicious activities including session hijacking, credential theft, and redirection to malicious websites. The exploitation occurs when a remote attacker crafts a specially formatted id parameter that contains malicious code, which then gets processed by the vulnerable flash component and executed in the victim's browser. This creates a persistent threat vector that can affect any WordPress site running the vulnerable WP-Table Reloaded plugin version. The vulnerability aligns with ATT&CK technique T1531 by enabling unauthorized access to user sessions and data, while also supporting T1059 through the execution of malicious scripts in user browsers. The attack chain typically involves initial compromise through web application exploitation followed by session manipulation or data exfiltration.

Mitigation strategies for CVE-2013-1463 primarily involve immediate patching of the WP-Table Reloaded plugin to version 1.9.4 or later, which contains the necessary input validation fixes. Administrators should also implement comprehensive input sanitization measures including parameter validation, output encoding, and content security policies to prevent similar vulnerabilities in other components. Network-based protections such as web application firewalls can provide additional layers of defense by monitoring for suspicious parameter patterns. The vulnerability demonstrates the importance of securing third-party components in WordPress environments, as the flash-based clipboard functionality represents a legacy technology that introduces additional attack surface. Security monitoring should include detection of unusual parameter patterns in table-related requests, and regular security audits should verify that all installed plugins and themes are up to date with the latest security patches. Organizations should also consider implementing automated patch management systems to ensure timely remediation of known vulnerabilities, as this particular flaw could be exploited by automated scanning tools that target known WordPress plugin vulnerabilities.

Reservation

01/29/2013

Disclosure

02/07/2013

Moderation

accepted

Entry

VDB-63522

CPE

ready

Exploit

Download

EPSS

0.06350

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!