CVE-2025-68516 MEDIUM

CVE-2025-68516: WordPress Tablesome plugin <= 1.1.35.1 - Sensitive Data Exposure vulnerability

Vendor Essekia
Product Tablesome
Weakness CWE-201
Published December 24, 2025
Last update April 28, 2026

CVSS base score

5.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in Essekia Tablesome tablesome allows Retrieve Embedded Sensitive Data.This issue affects Tablesome: from n/a through <= 1.1.35.1.

Explanation of Vulnerability in Simple Terms

02Summary

Tablesome versions up to 1.1.35.1 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to due to insufficient access controls. The vulnerability affects the scope beyond the vulnerable component. Update to version 1.2.9 or later to remediate.

What an attacker can do

03Attacker Capabilities

Read sensitive data belonging to other users or restricted areas of the application.

Potential impact on your site

04Site Impact

User data and restricted information may be exposed to any authenticated user, compromising privacy and confidentiality.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the site; no special interaction required.

Key dates

06Disclosure timeline

December 24, 2025 CVE published
April 28, 2026 Record updated