WP Table Builder CVE-2025-13753: Incorrect Authorization Allowing Arbitrary Table Creation by Authenticated Users

Vulnerability Key Information Summary Vulnerability Overview CVE ID: CVE-2025-13753 Vulnerability Name: WP Table Builder – Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation (WP Table Builder – 认证用户（Subscriber+）任意表格创建的不正确授权) Description: This vulnerability exists within the WP Table Builder plugin. Although site administrators have configured settings to allow only specific roles to manage tables, low-privileged authenticated users (such as Subscribers) can still create new tables. Root Cause: An AJAX endpoint ( ) in the plugin introduces an alternative access path that relies solely on the value of a nonce, completely bypassing capability checks. Consequently, the security code functions as a bearer token rather than an access control boundary. Scope of Impact Affected Plugin: WP Table Builder Affected Versions: <= 2.0.19 Active Installations: 50,000+ Researcher: Dmitri Ignatyev POC Code Remediation Server-Side Authorization: The fix requires enforcing authorization on the server side for each mutation endpoint (such as ). Check Role Capabilities: Before processing a request, the handler must require the plugin's allowed role capabilities and verify them using . Correct Usage of Security Codes: Security codes should be used solely for request authentication, not for authorization decisions. Granular Checks: If the plugin supports different permission levels, capability checks should be more granular and aligned with the configured allowed roles. Reduce Attack Surface: Checks should occur before parsing attacker-supplied JSON. Rotate Nonces: Site owners should review any pages exposing and rotate any nonces created by low-privileged accounts.

Goal Reached Thanks to every supporter — we hit 100%!

WP Table Builder CVE-2025-13753: Incorrect Authorization Allowing Arbitrary Table Creation by Authenticated Users