An important security and maintenance release of TablePress is now available. TablePress 3.1.3 can be downloaded from the WordPress Plugin Directory and will show up as an update in the WordPress Dashboard for existing users shortly.
Updating to TablePress 3.1.3 is strongly recommend! Changes include:
- Security fix: Authenticated Stored XSS (CVE-2025-5096). Thanks to Asaf Mozes and the Wordfence team for following responsible disclosure policies when reporting this issue!
- Enhancement: Improve handling of multi-byte strings with special characters from non-Latin alphabets.
- “Automatic Periodic Table Import“ module: Prevent tables from losing their options by always loading other modules during an automatic import. (TablePress Max only.)
- Several external code libraries and build tools have been updated to benefit from enhancements and bug fixes.
- Cleaned up and simplified code, for easier future maintenance, to follow WordPress Coding Standards, and to offer helpful inline documentation.
For changes to previous versions in the TablePress 3.1.x release branch, see the corresponding release announcement.