Title: Critical Security Problems
Last modified: December 21, 2022

---

# Critical Security Problems

 *  Resolved [Ruben](https://wordpress.org/support/users/rubenvankempen/)
 * (@rubenvankempen)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/)
 * Hi there,
 * The last days/weeks I keep getting emails from Wordfence about some critical 
   security problems with TablePress. It tells me to deactivate and remove the plugin.
   The problem is going on from February 2020 on.
 * Can this be fixed?
 * **Details**: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tablepress/tablepress-114-authenticated-author-csv-injection](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tablepress/tablepress-114-authenticated-author-csv-injection)
 * **Description**
   “_The TablePress plugin for WordPress is vulnerable to CSV Injection
   in versions up to and including 1.14 via the tablepress[data] value. This makes
   it possible for attackers with author level access and above to embed untrusted
   input into exported CSV files, which can result in code execution when these 
   files are downloaded and opened on a local system with a vulnerable configuration.
   This vulnerability is not likely to be exploited in the wild due to its high 
   complexity and many modern day protections, however, it could have a significant
   impact if exploited successfully at its worst impact. Please note that while
   the CVE record says this issue was patched in 1.10, our team confirmed it is 
   still exploitable in 1.14. The developer is working on a fix to be released in
   version 2.0 of TablePress._”
 * Thanks in advance.
 * Regards, Ruben
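
The CSV injection class named in the quoted Wordfence description can be checked for on the receiving side, before an exported file is opened in a spreadsheet. The following is an added example, not code from this thread, TablePress or Wordfence: it flags cells a spreadsheet would evaluate as formulas and rewrites them as text, following OWASP's CSV Injection guidance. The function names and the sample export are constructed for illustration.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications treat as the start of a
# formula (OWASP CSV Injection guidance): = + - @, plus tab and carriage return.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")
# Plain signed numbers such as "-12.5" or "+3" are data, not formulas.
PLAIN_NUMBER = re.compile(r"[+-]?\d+(\.\d+)?")


def is_formula_like(cell: str) -> bool:
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    return cell.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.fullmatch(cell)


def find_formula_cells(csv_text: str):
    """Return (row, column, value) for every formula-like cell, 1-indexed."""
    hits = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            if is_formula_like(cell):
                hits.append((r, c, cell))
    return hits


def neutralize(csv_text: str) -> str:
    """Rewrite the CSV so formula-like cells get a leading single quote
    and are shown as text; every field is quoted on output."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in csv.reader(io.StringIO(csv_text)):
        writer.writerow(["'" + c if is_formula_like(c) else c for c in row])
    return out.getvalue()


# Constructed sample export: an ordinary row with a negative number,
# and a row with two harmless formula-like cells.
SAMPLE_EXPORT = "Item,Price,Note\nWidget,-12.5,in stock\nGadget,=1+1,@SUM(A1:A2)\n"

if __name__ == "__main__":
    for row, col, value in find_formula_cells(SAMPLE_EXPORT):
        print(f"row {row}, column {col}: {value!r}")
    print(neutralize(SAMPLE_EXPORT))
```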

Viewing 6 replies - 1 through 6 (of 6 total)

 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16310217)
 * Hi @rubenvankempen,
 * thanks for your post, and sorry for the trouble.
 * First: TablePress, your site, and your server are safe.
 * I regard this report as invalid. Please see [https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/?view=all#post-16068890](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/?view=all#post-16068890),
   [https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/page/4/#post-16214632](https://wordpress.org/support/topic/wordfence-alerts-critical-for-vulenrability/page/4/#post-16214632),
   and my other replies in that thread for the current status.
 * WordFence will turn off this notification once TablePress 2.0 is released, which
   will happen on Thursday, if everything goes as planned.
 * Best wishes,
   Tobias
 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16314643)
 * Hi [@rubenvankempen](https://wordpress.org/support/users/rubenvankempen/),
 * quick update: TablePress 2.0 is now available, see [https://tablepress.org/release-announcement-tablepress-2-0/](https://tablepress.org/release-announcement-tablepress-2-0/)
 * With this, the Wordfence notifications should now be turned off 🙂
 * Best wishes,
   Tobias
 *  Thread Starter [Ruben](https://wordpress.org/support/users/rubenvankempen/)
 * (@rubenvankempen)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16314655)
 * Thanks for the response.
 * My plugin is up-to-date (version 2.0) but the notifications are still coming 
   in, from Wordfence. Last one from 2 hours ago.
 * I’ll check again in a few days.
    -  This reply was modified 3 years, 5 months ago by [Ruben](https://wordpress.org/support/users/rubenvankempen/).
 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16314673)
 * Hi [@rubenvankempen](https://wordpress.org/support/users/rubenvankempen/),
 * that’s weird. They have confirmed to me that they have updated their database,
   and the [link that you posted](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/tablepress/tablepress-114-authenticated-author-csv-injection)
   already shows the new and correct information. Maybe it just takes a bit until
   the installed Wordfence refreshes its database from their server, so checking
   back in a few days sounds like a good plan.
 * Best wishes,
   Tobias
 *  Thread Starter [Ruben](https://wordpress.org/support/users/rubenvankempen/)
 * (@rubenvankempen)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16318093)
 * Updated. Solved 👌
    -  This reply was modified 3 years, 5 months ago by [Ruben](https://wordpress.org/support/users/rubenvankempen/).
 *  Plugin Author [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * (@tobiasbg)
 * [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16318123)
 * Hi,
 * awesome! 🙂 Thanks for letting me know!
 * All the best!
   Tobias

The topic ‘Critical Security Problems’ is closed to new replies.

 * 7 replies
 * 2 participants
 * Last reply from: [Tobias Bäthge](https://wordpress.org/support/users/tobiasbg/)
 * Last activity: [3 years, 5 months ago](https://wordpress.org/support/topic/critical-security-problems/#post-16318123)
 * Status: resolved