CVE-2025-13753
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-04-14
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wp_table_builder | wp_table_builder | to 2.0.19 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WP Table Builder WordPress plugin allows authenticated users with Subscriber-level access or higher to bypass proper authorization checks in the save_table() function. As a result, these users can create new wptb-table posts without proper permissions, leading to unauthorized modification of data.
How can this vulnerability impact me? :
The vulnerability can allow low-privileged authenticated users to create new table posts within the WordPress site, potentially leading to unauthorized content creation or data manipulation. This could affect the integrity of the site's data and content management.
What immediate steps should I take to mitigate this vulnerability?
Update the WP Table Builder plugin to version 2.1.0 or later, as this version includes the fix for the unauthorized modification vulnerability in the save_table() function. [1]