WordPress Tablesome plugin versions prior to 1.0.9 suffer from a cross-site scripting vulnerability.
advisories | CVE-2023-1890
WordPress Plugin Tablesome < 1.0.9 - Reflected XSS
The plugin does not escape various generated URLs before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting.
Tablesome - Fixed in version 1.0.9
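The bug class described above and its fix, as an added example that is not Tablesome's code: a hypothetical admin notice builds a dismiss link from the current request URL. The function names, the `demo_dismiss_notice` parameter and the `demo-notice` text domain are assumptions made for illustration; `add_query_arg()`, `esc_url()` and `esc_html__()` are WordPress core functions.

```php
<?php
/**
 * Plugin Name: Demo Notice Escaping (added example, hypothetical)
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Only run inside WordPress.
}

/**
 * BEFORE: the generated URL goes into the href attribute unescaped.
 * add_query_arg() called without a base URL builds on $_SERVER['REQUEST_URI'],
 * so request-controlled characters such as quotes reach the attribute as-is.
 * Kept for comparison only; it is not hooked.
 */
function demo_notice_unescaped() {
	$dismiss_url = add_query_arg( 'demo_dismiss_notice', '1' );
	echo '<div class="notice notice-info"><p>';
	echo '<a href="' . $dismiss_url . '">Dismiss</a>'; // Missing esc_url().
	echo '</p></div>';
}

/**
 * AFTER: escape at the point of output, using the escaper that matches
 * the context (esc_url() for a URL inside href, esc_html__() for text).
 */
function demo_notice_escaped() {
	if ( ! current_user_can( 'manage_options' ) ) {
		return; // Notice is for admins only.
	}
	$dismiss_url = add_query_arg( 'demo_dismiss_notice', '1' );
	echo '<div class="notice notice-info"><p>';
	printf(
		'<a href="%s">%s</a>',
		esc_url( $dismiss_url ),
		esc_html__( 'Dismiss', 'demo-notice' )
	);
	echo '</p></div>';
}
add_action( 'admin_notices', 'demo_notice_escaped' );
```

When auditing a plugin for this pattern, search notice templates for `add_query_arg(` or `$_SERVER['REQUEST_URI']` reaching `echo` or `printf` without an `esc_url()` or `esc_attr()` wrapper.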
Proof of Concept:
Make a logged-in admin open one of the URLs below when the feature/tracking notice has not been dismissed yet
OWASP top 10 A7: Cross-Site Scripting (XSS)