CVE-2025-12845
Unauthorized Access in Tablesome Table Plugin Enables Privilege Escalation
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tablesome | tablesome | From 0.5.4 (inc) to 1.2.1 (inc) |
| tablesome | table_contact_form_db | From 0.5.4 (inc) to 1.2.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Tablesome Table β Contact Form DB β WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress, specifically in versions 0.5.4 to 1.2.1. It is caused by a missing capability check on the get_table_data() function, which allows authenticated users with Subscriber-level access or higher to access plugin table data without proper authorization.
This unauthorized access can expose sensitive email log information stored by the plugin. Attackers can exploit this to trigger password resets and obtain reset keys, potentially escalating their privileges on the affected WordPress site.
How can this vulnerability impact me? :
This vulnerability can lead to serious security impacts including unauthorized disclosure of sensitive email log data.
- Exposure of email log information that may contain personal or sensitive data.
- Privilege escalation by attackers who can use the exposed data to trigger password resets and obtain reset keys.
- Potential full account takeover or unauthorized access to user accounts on the WordPress site.
Overall, this can compromise the confidentiality, integrity, and availability of the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Tablesome Table β Contact Form DB plugin to version 1.2.2 or later, as this version includes multiple code improvements and likely security fixes.
Additionally, restrict Subscriber-level access where possible and disable the table log feature if it is not needed, to reduce the risk of attackers leveraging the vulnerability to obtain password reset keys.