Stored Cross-Site Scripting Vulnerability in BuddyHolis TableSearch Plugin for WordPress
CVE-2026-15301
6.4MEDIUM
What is CVE-2026-15301?
The BuddyHolis TableSearch plugin for WordPress is susceptible to a stored cross-site scripting issue due to deficiencies in input sanitization and output escaping in the 'placeholder' parameter. This vulnerability allows authenticated attackers, specifically those with Contributor-level permissions and higher, to inject arbitrary web scripts. The injected scripts will execute on user pages when accessed, potentially compromising user data and security.
Affected Version(s)
BuddyHolis TableSearch 0 <= 1.1.0