The Tablesome plugin for WordPress, which manages tables and contact forms, has a security issue. Versions 1.0.27 and below are vulnerable to a type of attack called Reflected Cross-Site Scripting. This means that attackers can insert harmful code into a page that will run when someone views that page. This can happen without the user’s knowledge or permission.