Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
Unauthorized access to sensitive WordPress plugin data
CVE-2025-12845
Summary
A security issue in the Tablesome Table plugin for WordPress allows attackers with Subscriber-level access or higher to access sensitive data, including email logs and password reset keys. This could lead to unauthorized access to user accounts. To protect your site, update the plugin to the latest version (1.2.2 or later).
Original title
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missi...
Original description
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve plugin table data that can expose email log information. Attackers can leverage this on sites where the table log is enabled in order to trigger a password reset and obtain the reset key.
nvd CVSS3.1
8.8
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026