CVE-2024-3282: 
WordPress vulnerability analysis and mitigation

The WP Table Builder WordPress plugin through version 1.5.0 contains a stored Cross-Site Scripting (XSS) vulnerability. This security issue was discovered in August 2024 and assigned CVE-2024-3282. The vulnerability affects the table data handling functionality within the plugin, specifically impacting WordPress installations, including multisite setups (WPScan).

The vulnerability stems from improper sanitization and escaping of table data within the plugin. This security weakness allows high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. The vulnerability has been assigned a CVSS v3.1 base score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The vulnerability enables high-privilege users to inject and store malicious scripts in table data. When other users view the affected content, the stored malicious scripts can execute in their browsers, potentially leading to unauthorized actions, data theft, or session hijacking (WPScan).

Currently, there is no known fix available for this vulnerability in the WP Table Builder plugin. Website administrators should consider restricting access to the plugin's functionality and carefully monitoring any table content created through the plugin until a security update is released (WPScan).