FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS

3.5 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Description

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Basic Information

ID CVE-2025-9543

Source WPScan

Published Jan 5, 2026 at 06:00

Modified Jan 5, 2026 at 16:22

Affected Product

Vendor Unknown

Product FlexTable

Affected Versions Unknown FlexTable 0

CWE Classification

References

wpscan.com /vulnerability/6cc212f4-aa61-409a-b257-9c920956a401/

{
    "lastseen": "",
    "description": "The FlexTable  WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
    "published": "2026-01-05T06:00:09.878Z",
    "modified": "2026-01-05T16:22:52.963Z",
    "type": "cve",
    "title": "FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/6cc212f4-aa61-409a-b257-9c920956a401/",
    "id": "CVE-2025-9543",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown FlexTable 0",
    "sourceHref": "",
    "cvss": {
        "score": 3.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FlexTable",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS_CVE-2025-9543