Description

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Related CPE's

Could not find any relations

References

https://wpscan.com/vulnerability/6cc212f4-aa61-409a-b257-9c920956a401/

Weaknesses

Could not find any weaknesses

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

3.5 · Low

Information

Source identifier

[email protected]

Vulnerability status

Received

Published

2026-01-05T06:16:04.017Z

42 hours ago

Last modified

2026-01-05T17:15:47.000Z

31 hours ago