CVE-2024-9595: 
WordPress vulnerability analysis and mitigation

The TablePress WordPress plugin (versions up to and including 2.4.2) contains a Stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-9595. The vulnerability exists in the table cell content functionality due to insufficient input sanitization and output escaping. This security issue was discovered by Max Boll (_b0lli) and was publicly disclosed on October 11, 2024 (WPScan, NVD).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The security flaw stems from improper input validation and output escaping mechanisms in the table cell content feature (Wordfence).

When exploited, this vulnerability allows authenticated attackers with Author-level privileges or higher to inject malicious web scripts into pages. These injected scripts will execute whenever any user accesses the compromised page, potentially leading to data theft, session hijacking, or other malicious actions (NVD).

The vulnerability has been patched in TablePress version 2.4.3. Site administrators are strongly advised to update to this version or later to mitigate the security risk (WPScan).