24 vulnerabilities found for wpdatatables by tms-outsource

FKIE_CVE-2024-0591

Vulnerability from fkie_nvd - Published: 2024-03-13 16:15 - Updated: 2025-02-07 17:53
Summary
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "9654173E-B097-4488-9524-E3CD512BCE2B",
              "versionEndExcluding": "3.4.2.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026 Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027A\u0027 parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    },
    {
      "lang": "es",
      "value": "El complemento wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026amp; Table Charts Plugin para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro \u0027A\u0027 en todas las versiones hasta la 3.4.2.2 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y un escape de salida. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
    }
  ],
  "id": "CVE-2024-0591",
  "lastModified": "2025-02-07T17:53:51.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-03-13T16:15:11.917",
  "references": [
    {
      "source": "security@wordfence.com",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "security@wordfence.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2023-4314

Vulnerability from fkie_nvd - Published: 2023-09-11 20:15 - Updated: 2025-04-23 17:16
Summary
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "D9D545B2-E6F5-4F5A-B609-8618ECA9023E",
              "versionEndExcluding": "2.1.66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables WordPress plugin before 2.1.66 does not validate the \"Serialized PHP array\" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite."
    },
    {
      "lang": "es",
      "value": "El complemento de WordPress wpDataTables anterior a 2.1.66 no valida los datos de entrada de la \"Serialized PHP array\" antes de deserializar los datos. Esto permite a los administradores deserializar datos arbitrarios, lo que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo si hay una cadena de dispositivos adecuada en el servidor. Esto tiene un impacto en entornos donde no se debe permitir que los usuarios administradores ejecuten c\u00f3digo arbitrario, como multisitio."
    }
  ],
  "id": "CVE-2023-4314",
  "lastModified": "2025-04-23T17:16:43.797",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-09-11T20:15:12.310",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified"
}

FKIE_CVE-2023-23876

Vulnerability from fkie_nvd - Published: 2023-05-03 14:15 - Updated: 2024-11-21 07:47

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "98677D50-0608-4FFD-B49C-8252EDF34116",
              "versionEndExcluding": "2.1.50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin \u003c=\u00a02.1.49 versions."
    }
  ],
  "id": "CVE-2023-23876",
  "lastModified": "2024-11-21T07:47:01.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 3.7,
        "source": "audit@patchstack.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-03T14:15:32.290",
  "references": [
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
    }
  ],
  "sourceIdentifier": "audit@patchstack.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "audit@patchstack.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2022-29432

Vulnerability from fkie_nvd - Published: 2022-05-20 21:15 - Updated: 2024-11-21 06:59

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "D2CAD01C-905E-42AB-A2BF-945ED28B8428",
              "versionEndIncluding": "2.1.27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin \u003c= 2.1.27 on WordPress via \u0026data-link-text, \u0026data-link-url, \u0026data, \u0026data-shortcode, \u0026data-star-num vulnerable parameters."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) persistentes y autenticadas (administrador o rol de usuario superior) en el plugin TMS-Plugins wpDataTables versiones anteriores a 2.1.27 incluy\u00e9ndola, en WordPress por medio de los par\u00e1metros vulnerables \u0026amp;data-link-text, \u0026amp;data-link-url, \u0026amp;data, \u0026amp;data-shortcode, \u0026amp;data-star-num"
    }
  ],
  "id": "CVE-2022-29432",
  "lastModified": "2024-11-21T06:59:04.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.4,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 1.4,
        "source": "audit@patchstack.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-20T21:15:10.910",
  "references": [
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
    },
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Product"
      ],
      "url": "https://wordpress.org/plugins/wpdatatables/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://wordpress.org/plugins/wpdatatables/#developers"
    }
  ],
  "sourceIdentifier": "audit@patchstack.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "audit@patchstack.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-24200

Vulnerability from fkie_nvd - Published: 2021-04-12 14:15 - Updated: 2024-11-21 05:52
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "00C79193-0FAF-4101-B078-43245C9012E5",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027length\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
    },
    {
      "lang": "es",
      "value": "El plugin wpDataTables \u2013 Tables \u0026amp; Table Charts premium WordPress versiones anteriores a 3.4.2, permite a un usuario autenticado poco privilegiado llevar a cabo una inyecci\u00f3n SQL ciega basada en Booleanos en la p\u00e1gina de lista de tablas en el endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026amp;table_id=1, en el par\u00e1metro POST HTTP \"length\".\u0026#xa0;Esto permite a un atacante acceder a todos los datos de la base de datos y conseguir acceso a la aplicaci\u00f3n de WordPress"
    }
  ],
  "id": "CVE-2021-24200",
  "lastModified": "2024-11-21T05:52:34.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T14:15:15.007",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-24198

Vulnerability from fkie_nvd - Published: 2021-04-12 14:15 - Updated: 2024-11-21 05:52
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "00C79193-0FAF-4101-B078-43245C9012E5",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
    },
    {
      "lang": "es",
      "value": "El plugin wpDataTables \u2013 Tables \u0026amp; Table Charts premium WordPress versiones anteriores a 3.4.2, presenta un Control de Acceso Inapropiado.\u0026#xa0;Un usuario autenticado poco privilegiado que visita la p\u00e1gina donde es publicada la tabla puede manipular los par\u00e1metros para eliminar los datos de otro usuario que est\u00e1n presentes en la misma tabla por medio de los par\u00e1metros id_key e id_val.\u0026#xa0;Al explotar este problema, un atacante puede eliminar los datos de todos los usuarios de la misma tabla"
    }
  ],
  "id": "CVE-2021-24198",
  "lastModified": "2024-11-21T05:52:34.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T14:15:14.850",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-24199

Vulnerability from fkie_nvd - Published: 2021-04-12 14:15 - Updated: 2024-11-21 05:52
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "00C79193-0FAF-4101-B078-43245C9012E5",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027start\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
    },
    {
      "lang": "es",
      "value": "El plugin wp DataTables \u2013 Tables \u0026amp; Table Charts premium WordPress versiones anteriores a 3.4.2, permite a un usuario autenticado poco privilegiado llevar a cabo una inyecci\u00f3n SQL ciega basada en Booleanos en la p\u00e1gina de lista de tablas en el endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026amp;table_id=1, en el par\u00e1metro HTTP POST \"start!\".\u0026#xa0;Esto permite a un atacante acceder a todos los datos de la base de datos y conseguir acceso a la aplicaci\u00f3n de WordPress"
    }
  ],
  "id": "CVE-2021-24199",
  "lastModified": "2024-11-21T05:52:34.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T14:15:14.930",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2021-24197

Vulnerability from fkie_nvd - Published: 2021-04-12 14:15 - Updated: 2024-11-21 05:52
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
Impacted products
Vendor Product Version
tms-outsource wpdatatables *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*",
              "matchCriteriaId": "00C79193-0FAF-4101-B078-43245C9012E5",
              "versionEndExcluding": "3.4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
    },
    {
      "lang": "es",
      "value": "El plugin wpDataTables \u2013 Tables \u0026amp; Table Charts premium WordPress versiones anteriores a 3.4.2, presenta un Control de Acceso Inapropiado.\u0026#xa0;Un usuario autenticado poco privilegiado que visita la p\u00e1gina donde es publicada la tabla puede manipular los par\u00e1metros para acceder a los datos de otro usuario que est\u00e1n presentes en la misma tabla al asumir los permisos de usuario en la tabla por medio del par\u00e1metro formdata[wdt_ID].\u0026#xa0;Al explotar este problema, un atacante puede acceder y administrar los datos de todos los usuarios en la misma tabla"
    }
  ],
  "id": "CVE-2021-24197",
  "lastModified": "2024-11-21T05:52:34.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-12T14:15:14.710",
  "references": [
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "contact@wpscan.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wpdatatables.com/help/whats-new-changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
    }
  ],
  "sourceIdentifier": "contact@wpscan.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "contact@wpscan.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-0591 (GCVE-0-2024-0591)

Vulnerability from cvelistv5 – Published: 2024-03-13 15:26 – Updated: 2024-08-01 18:11
Summary
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Assigner
Credits
Matthew Rollings

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-13T17:49:52.303248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T19:20:29.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026 Table Charts Plugin",
          "vendor": "wpdatatables",
          "versions": [
            {
              "lessThanOrEqual": "3.4.2.4",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthew Rollings"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026 Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027A\u0027 parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T15:26:50.625Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
        },
        {
          "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
        },
        {
          "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-20T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-0591",
    "datePublished": "2024-03-13T15:26:50.625Z",
    "dateReserved": "2024-01-16T13:49:20.243Z",
    "dateUpdated": "2024-08-01T18:11:35.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4314 (GCVE-0-2023-4314)

Vulnerability from cvelistv5 – Published: 2023-09-11 19:46 – Updated: 2025-04-23 16:16
Title
wpDataTables < 2.1.66 - Admin+ PHP Object Injection
Summary
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Assigner
References
https://wpscan.com/vulnerability/1ab192d7-72ac-4f… (exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown wpDataTables Affected: 0 , < 2.1.66 (custom)
Credits
Jonatas Souza Villa Flor, WPScan

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4314",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:07:16.621431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:16:49.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "wpDataTables",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.1.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonatas Souza Villa Flor"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables WordPress plugin before 2.1.66 does not validate the \"Serialized PHP array\" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-11T19:46:06.952Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "wpDataTables \u003c 2.1.66 - Admin+ PHP Object Injection",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-4314",
    "datePublished": "2023-09-11T19:46:06.952Z",
    "dateReserved": "2023-08-11T19:07:52.418Z",
    "dateUpdated": "2025-04-23T16:16:49.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23876 (GCVE-0-2023-23876)

Vulnerability from cvelistv5 – Published: 2023-05-03 13:12 – Updated: 2025-01-09 15:31
Title
WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
TMS-Plugins wpDataTables Affected: n/a , ≤ 2.1.49 (custom)
Credits
Rafshanzani Suhada (Patchstack Alliance)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:42:27.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:27:03.725863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:31:10.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wpdatatables",
          "product": "wpDataTables",
          "vendor": "TMS-Plugins",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.1.50",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.49",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafshanzani Suhada (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;2.1.49 versions.\u003c/span\u003e"
            }
          ],
          "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin \u003c=\u00a02.1.49 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T13:12:59.336Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;2.1.50 or a higher version."
            }
          ],
          "value": "Update to\u00a02.1.50 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress wpDataTables Plugin \u003c= 2.1.49 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-23876",
    "datePublished": "2023-05-03T13:12:59.336Z",
    "dateReserved": "2023-01-19T11:32:48.331Z",
    "dateUpdated": "2025-01-09T15:31:10.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29432 (GCVE-0-2022-29432)

Vulnerability from cvelistv5 – Published: 2022-05-20 20:48 – Updated: 2025-02-20 20:20
Title
WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Summary
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Assigner
Impacted products
Credits
Vulnerability discovered by Ex.Mi (Patchstack)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:55.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/wpdatatables/#developers"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:29:37.106999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T20:20:41.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
          "vendor": "TMS-Plugins",
          "versions": [
            {
              "lessThanOrEqual": "2.1.27",
              "status": "affected",
              "version": "\u003c= 2.1.27",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
        }
      ],
      "datePublic": "2022-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin \u003c= 2.1.27 on WordPress via \u0026data-link-text, \u0026data-link-url, \u0026data, \u0026data-shortcode, \u0026data-star-num vulnerable parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T20:48:20.000Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/wpdatatables/#developers"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to 2.1.28 or higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress wpDataTables plugin \u003c= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "audit@patchstack.com",
          "DATE_PUBLIC": "2022-05-06T13:37:00.000Z",
          "ID": "CVE-2022-29432",
          "STATE": "PUBLIC",
          "TITLE": "WordPress wpDataTables plugin \u003c= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "\u003c= 2.1.27",
                            "version_value": "2.1.27"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TMS-Plugins"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin \u003c= 2.1.27 on WordPress via \u0026data-link-text, \u0026data-link-url, \u0026data, \u0026data-shortcode, \u0026data-star-num vulnerable parameters."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/wpdatatables/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/wpdatatables/#developers"
            },
            {
              "name": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to 2.1.28 or higher version."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-29432",
    "datePublished": "2022-05-20T20:48:20.530Z",
    "dateReserved": "2022-04-18T00:00:00.000Z",
    "dateUpdated": "2025-02-20T20:20:41.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24200 (GCVE-0-2021-24200)

Vulnerability from cvelistv5 – Published: 2021-04-12 13:59 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Severity
No CVSS data available.
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027length\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:59:38",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via length Parameter",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24200",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via length Parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027length\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24200",
    "datePublished": "2021-04-12T13:59:38",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24199 (GCVE-0-2021-24199)

Vulnerability from cvelistv5 – Published: 2021-04-12 13:59 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Severity
No CVSS data available.
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027start\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:59:17",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via start Parameter",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24199",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via start Parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027start\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24199",
    "datePublished": "2021-04-12T13:59:17",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24198 (GCVE-0-2021-24198)

Vulnerability from cvelistv5 – Published: 2021-04-12 13:58 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:58:49",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Data Deletion",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24198",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Data Deletion"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24198",
    "datePublished": "2021-04-12T13:58:49",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24197 (GCVE-0-2021-24197)

Vulnerability from cvelistv5 – Published: 2021-04-12 13:58 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:58:04",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Permission Takeover",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24197",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Permission Takeover"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24197",
    "datePublished": "2021-04-12T13:58:04",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-0591 (GCVE-0-2024-0591)

Vulnerability from nvd – Published: 2024-03-13 15:26 – Updated: 2024-08-01 18:11
Summary
The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Credits
Matthew Rollings

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-13T17:49:52.303248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T19:20:29.488Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:11:35.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026 Table Charts Plugin",
          "vendor": "wpdatatables",
          "versions": [
            {
              "lessThanOrEqual": "3.4.2.4",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Matthew Rollings"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables \u0026 Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027A\u0027 parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-13T15:26:50.625Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve"
        },
        {
          "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/"
        },
        {
          "url": "https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3037741%40wpdatatables\u0026new=3037741%40wpdatatables\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-20T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-0591",
    "datePublished": "2024-03-13T15:26:50.625Z",
    "dateReserved": "2024-01-16T13:49:20.243Z",
    "dateUpdated": "2024-08-01T18:11:35.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-4314 (GCVE-0-2023-4314)

Vulnerability from nvd – Published: 2023-09-11 19:46 – Updated: 2025-04-23 16:16
Title
wpDataTables < 2.1.66 - Admin+ PHP Object Injection
Summary
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
References
https://wpscan.com/vulnerability/1ab192d7-72ac-4f… (exploit, vdb-entry, technical-description)
Impacted products
Vendor Product Version
Unknown wpDataTables Affected: 0 , < 2.1.66 (custom)
Credits
Jonatas Souza Villa Flor, WPScan

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "exploit",
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4314",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T16:07:16.621431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:16:49.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "product": "wpDataTables",
          "vendor": "Unknown",
          "versions": [
            {
              "lessThan": "2.1.66",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jonatas Souza Villa Flor"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "WPScan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables WordPress plugin before 2.1.66 does not validate the \"Serialized PHP array\" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-11T19:46:06.952Z",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "wpDataTables \u003c 2.1.66 - Admin+ PHP Object Injection",
      "x_generator": {
        "engine": "WPScan CVE Generator"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2023-4314",
    "datePublished": "2023-09-11T19:46:06.952Z",
    "dateReserved": "2023-08-11T19:07:52.418Z",
    "dateUpdated": "2025-04-23T16:16:49.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23876 (GCVE-0-2023-23876)

Vulnerability from nvd – Published: 2023-05-03 13:12 – Updated: 2025-01-09 15:31
Title
WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)
Summary
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Impacted products
Vendor Product Version
TMS-Plugins wpDataTables Affected: n/a , ≤ 2.1.49 (custom)
Credits
Rafshanzani Suhada (Patchstack Alliance)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:42:27.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23876",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T14:27:03.725863Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T15:31:10.557Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wpdatatables",
          "product": "wpDataTables",
          "vendor": "TMS-Plugins",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.1.50",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "2.1.49",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rafshanzani Suhada (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;2.1.49 versions.\u003c/span\u003e"
            }
          ],
          "value": "Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin \u003c=\u00a02.1.49 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-592",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-592 Stored XSS"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T13:12:59.336Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-wordpress-tables-table-charts-plugin-plugin-2-1-49-cross-site-scripting-xss-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to\u0026nbsp;2.1.50 or a higher version."
            }
          ],
          "value": "Update to\u00a02.1.50 or a higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress wpDataTables Plugin \u003c= 2.1.49 is vulnerable to Cross Site Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-23876",
    "datePublished": "2023-05-03T13:12:59.336Z",
    "dateReserved": "2023-01-19T11:32:48.331Z",
    "dateUpdated": "2025-01-09T15:31:10.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-29432 (GCVE-0-2022-29432)

Vulnerability from nvd – Published: 2022-05-20 20:48 – Updated: 2025-02-20 20:20
Title
WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Summary
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Credits
Vulnerability discovered by Ex.Mi (Patchstack)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:17:55.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/wpdatatables/#developers"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-20T19:29:37.106999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-20T20:20:41.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
          "vendor": "TMS-Plugins",
          "versions": [
            {
              "lessThanOrEqual": "2.1.27",
              "status": "affected",
              "version": "\u003c= 2.1.27",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
        }
      ],
      "datePublic": "2022-05-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin \u003c= 2.1.27 on WordPress via \u0026data-link-text, \u0026data-link-url, \u0026data, \u0026data-shortcode, \u0026data-star-num vulnerable parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-20T20:48:20.000Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/wpdatatables/#developers"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to 2.1.28 or higher version."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress wpDataTables plugin \u003c= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "audit@patchstack.com",
          "DATE_PUBLIC": "2022-05-06T13:37:00.000Z",
          "ID": "CVE-2022-29432",
          "STATE": "PUBLIC",
          "TITLE": "WordPress wpDataTables plugin \u003c= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "\u003c= 2.1.27",
                            "version_value": "2.1.27"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TMS-Plugins"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Vulnerability discovered by Ex.Mi (Patchstack)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin \u003c= 2.1.27 on WordPress via \u0026data-link-text, \u0026data-link-url, \u0026data, \u0026data-shortcode, \u0026data-star-num vulnerable parameters."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/plugins/wpdatatables/#developers",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/wpdatatables/#developers"
            },
            {
              "name": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities",
              "refsource": "CONFIRM",
              "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-multiple-authenticated-persistent-cross-site-scripting-xss-vulnerabilities"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to 2.1.28 or higher version."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2022-29432",
    "datePublished": "2022-05-20T20:48:20.530Z",
    "dateReserved": "2022-04-18T00:00:00.000Z",
    "dateUpdated": "2025-02-20T20:20:41.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24200 (GCVE-0-2021-24200)

Vulnerability from nvd – Published: 2021-04-12 13:59 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Severity
No CVSS data available.
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.669Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027length\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:59:38",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via length Parameter",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24200",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via length Parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027length\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24200",
    "datePublished": "2021-04-12T13:59:38",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24199 (GCVE-0-2021-24199)

Vulnerability from nvd – Published: 2021-04-12 13:59 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027start\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:59:17",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via start Parameter",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24199",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Blind SQL Injection via start Parameter"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable\u0026table_id=1, on the \u0027start\u0027 HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24199",
    "datePublished": "2021-04-12T13:59:17",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24198 (GCVE-0-2021-24198)

Vulnerability from nvd – Published: 2021-04-12 13:58 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.665Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:58:49",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Data Deletion",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24198",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Data Deletion"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            },
            {
              "name": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24198",
    "datePublished": "2021-04-12T13:58:49",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24197 (GCVE-0-2021-24197)

Vulnerability from nvd – Published: 2021-04-12 13:58 – Updated: 2024-08-03 19:21
Title
wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
Summary
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
Severity
No CVSS data available.
CWE
  • CWE-284 - Improper Access Control
Assigner
Impacted products
Credits
Veno Eivazian, Massimiliano Ferraresi

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wpdatatables.com/help/whats-new-changelog/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wpDataTables \u2013 Tables \u0026 Table Charts",
          "vendor": "wpDataTables",
          "versions": [
            {
              "lessThan": "3.4.2",
              "status": "affected",
              "version": "3.4.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Veno Eivazian, Massimiliano Ferraresi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-12T13:58:04",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wpdatatables.com/help/whats-new-changelog/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Permission Takeover",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24197",
          "STATE": "PUBLIC",
          "TITLE": "wpDataTables \u003c 3.4.2 - Improper Access Control leading to Table Permission Takeover"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "3.4.2",
                            "version_value": "3.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "wpDataTables"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Veno Eivazian, Massimiliano Ferraresi"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The wpDataTables \u2013 Tables \u0026 Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpdatatables.com/help/whats-new-changelog/",
              "refsource": "MISC",
              "url": "https://wpdatatables.com/help/whats-new-changelog/"
            },
            {
              "name": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b"
            },
            {
              "name": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/",
              "refsource": "MISC",
              "url": "https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24197",
    "datePublished": "2021-04-12T13:58:04",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:21:18.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}