Browse all 3 CVE security advisories affecting wptb. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wptb is a WordPress plugin designed to enhance website building capabilities through drag-and-drop functionality. Historically, it has been susceptible to multiple vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, with three CVEs documented. The plugin's complex architecture and extensive permissions have made it a target for attackers seeking unauthorized access. Security researchers have noted that improper input validation and insufficient access controls have been recurring issues. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities in wptb highlights the importance of regular updates and security hardening for implementations using this tool.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13753 | WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation — WP Table Builder – Drag & Drop Table BuilderCWE-863 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-8604 | WP Table Builder – WordPress Table Plugin <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Table Builder – Drag & Drop Table BuilderCWE-79 | 6.4 | Medium | 2025-08-15 |
| CVE-2024-4700 | WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Table Builder – Drag & Drop Table BuilderCWE-79 | 6.4 | Medium | 2024-05-21 |
This page lists every published CVE security advisory associated with wptb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.