The WP Table Builder – WordPress Table Plugin for WordPress is a plugin that is vulnerable to a type of attack called Reflected Cross-Site Scripting. This type of attack can be done by unauthenticated attackers who can inject malicious code into pages without needing to be logged in. The vulnerability is present in versions up to and including 1.3.9 and is caused by a lack of input sanitization and output escaping. This means if a user is tricked into clicking a link then it could allow the malicious code to execute.