CVE-2024-34574 in Table Maker Plugin

Summary

by MITRE • 05/08/2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul Table Maker allows Stored XSS. This issue affects Table Maker: from n/a through 1.9.1.


Analysis

by VulDB Data Team • 03/31/2025

This vulnerability represents a critical cross-site scripting flaw in the Wpsoul Table Maker plugin, specifically classified as a stored XSS vulnerability under CWE-79 which addresses improper neutralization of input during web page generation. The vulnerability exists within the plugin's handling of user input that gets stored and subsequently reflected in web pages without adequate sanitization or encoding mechanisms. Attackers can exploit this weakness by injecting malicious scripts into the plugin's data storage mechanisms, which then execute whenever legitimate users view the affected web pages.

The technical exploitation occurs when malicious input is submitted through the plugin's interface and stored in the database or application memory. When other users access pages that display this stored data, the malicious scripts execute in their browsers within the context of the vulnerable application. This stored nature distinguishes it from reflected XSS attacks where the malicious input is immediately reflected back to the user. The vulnerability affects all versions of the Table Maker plugin from the initial release through version 1.9.1, indicating a long-standing flaw that has not been properly addressed.

The operational impact of this vulnerability is severe as it allows attackers to perform a wide range of malicious activities including session hijacking, credential theft, data exfiltration, and redirection to malicious sites. An attacker who successfully exploits this vulnerability can impersonate legitimate users, potentially gaining administrative privileges if the affected users have elevated access rights. The stored nature of the XSS payload means that even users who are not actively interacting with the vulnerable system can be compromised simply by viewing pages that contain the malicious content.

Mitigation strategies should include immediate patching of the affected plugin to version 1.9.2 or later, which should contain the necessary input sanitization fixes. Additionally, administrators should implement proper input validation and output encoding mechanisms, particularly for any user-supplied content that gets rendered in web pages. Network segmentation and monitoring for suspicious script injections can provide additional layers of defense. The vulnerability aligns with ATT&CK technique T1566.001 for initial access through malicious HTML email and T1059.007 for command and scripting interpreter. Regular security audits and input validation testing should be implemented to prevent similar issues in the future. Organizations should also consider implementing content security policies to limit the execution of unauthorized scripts, and maintain up-to-date security monitoring to detect potential exploitation attempts.
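
As an added example (not code from VulDB, Patchstack or the plugin), the audit script below illustrates the monitoring and audit step described above: it parses stored cell values and flags markup that can execute script. The table-export layout, the deny-lists and the sample rows are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed deny-lists for this audit; tune them to what the site legitimately stores.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base", "meta"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

class _CellAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active element <{tag}>")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and value:
                # Browsers ignore whitespace and control characters in the scheme.
                scheme = "".join(c for c in value if c > " ").lower()
                if scheme.startswith(BAD_SCHEMES):
                    self.findings.append(f"script URL in {name} on <{tag}>")

def audit_cell(value):
    """Return the reasons a stored cell value could execute script when rendered."""
    auditor = _CellAuditor()
    auditor.feed(value)
    auditor.close()
    return auditor.findings

def audit_table(rows):
    """Return (row, column, reason) for every suspicious cell in a table export."""
    return [(r, c, reason)
            for r, row in enumerate(rows)
            for c, cell in enumerate(row)
            for reason in audit_cell(cell)]

# Constructed sample export (not taken from any real site or from the plugin).
SAMPLE_ROWS = [
    ["Product", "Price", "Notes"],
    ["Widget <b>Pro</b>", "19.99", '<a href="https://example.com/spec">spec</a>'],
    ["Gadget", "5 < 10", '<img src="x" onerror="alert(1)">'],
    ["Gizmo", "<script>alert(1)</script>", '<a href="javascript:alert(1)">x</a>'],
]

if __name__ == "__main__":
    for row, col, reason in audit_table(SAMPLE_ROWS):
        print(f"row {row} col {col}: {reason}")
```

A finding here marks a stored value for review; it complements, and does not replace, output encoding at render time.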

Responsible

Patchstack

Reservation

05/06/2024

Disclosure

05/08/2024

Moderation

accepted

CPE

ready

EPSS

0.00338

KEV

no

Activities

very low
