Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities found for wpdatatables_lite by tms-outsource

    CVE-2022-25618 (GCVE-0-2022-25618)

    Vulnerability from nvd – Published: 2022-04-04 19:46 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability
    Summary
    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Date Public
    2022-04-04 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:42:50.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:32:19.738519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:28:52.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.27",
                  "status": "affected",
                  "version": "\u003c= 2.1.27",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)."
            }
          ],
          "datePublic": "2022-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions \u003c= 2.1.27"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:39.167Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.1.28 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress wpDataTables plugin \u003c= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-04T07:05:00.000Z",
              "ID": "CVE-2022-25618",
              "STATE": "PUBLIC",
              "TITLE": "WordPress wpDataTables plugin \u003c= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.1.27",
                                "version_value": "2.1.27"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions \u003c= 2.1.27"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/wpdatatables/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.1.28 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-25618",
        "datePublished": "2022-04-04T19:46:17.800Z",
        "dateReserved": "2022-02-21T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:39.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6011 (GCVE-0-2019-6011)

    Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    TMS-Plugins wpDataTables Lite Affected: Version 2.0.11 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:24.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables Lite",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 2.0.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 2.0.11 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wpdatatables/"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN14776551/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6011",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:24.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6012 (GCVE-0-2019-6012)

    Vulnerability from nvd – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    TMS-Plugins wpDataTables Lite Affected: Version 2.0.11 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables Lite",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 2.0.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 2.0.11 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wpdatatables/"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN14776551/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6012",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-25618 (GCVE-0-2022-25618)

    Vulnerability from cvelistv5 – Published: 2022-04-04 19:46 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability
    Summary
    Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Date Public
    2022-04-04 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance).
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T04:42:50.249Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-25618",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:32:19.738519Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:28:52.921Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.27",
                  "status": "affected",
                  "version": "\u003c= 2.1.27",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)."
            }
          ],
          "datePublic": "2022-04-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions \u003c= 2.1.27"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:39.167Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 2.1.28 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress wpDataTables plugin \u003c= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-04-04T07:05:00.000Z",
              "ID": "CVE-2022-25618",
              "STATE": "PUBLIC",
              "TITLE": "WordPress wpDataTables plugin \u003c= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables \u2013 Tables \u0026 Table Charts (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 2.1.27",
                                "version_value": "2.1.27"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions \u003c= 2.1.27"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.4,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/wpdatatables/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/wpdatatables/wordpress-wpdatatables-plugin-2-1-27-stored-cross-site-scripting-xss-vulnerability"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 2.1.28 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-25618",
        "datePublished": "2022-04-04T19:46:17.800Z",
        "dateReserved": "2022-02-21T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:39.167Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-6011 (GCVE-0-2019-6011)

    Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    Impacted products
    Vendor Product Version
    TMS-Plugins wpDataTables Lite Affected: Version 2.0.11 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:24.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables Lite",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 2.0.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 2.0.11 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wpdatatables/"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN14776551/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6011",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:24.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-6012 (GCVE-0-2019-6012)

    Vulnerability from cvelistv5 – Published: 2019-12-26 15:16 – Updated: 2024-08-04 20:09
    VLAI
    Summary
    SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    TMS-Plugins wpDataTables Lite Affected: Version 2.0.11 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T20:09:23.989Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/wpdatatables/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wpDataTables Lite",
              "vendor": "TMS-Plugins",
              "versions": [
                {
                  "status": "affected",
                  "version": "Version 2.0.11 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-26T15:16:50.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wordpress.org/plugins/wpdatatables/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2019-6012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wpDataTables Lite",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Version 2.0.11 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TMS-Plugins"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/wpdatatables/",
                  "refsource": "MISC",
                  "url": "https://wordpress.org/plugins/wpdatatables/"
                },
                {
                  "name": "http://jvn.jp/en/jp/JVN14776551/index.html",
                  "refsource": "MISC",
                  "url": "http://jvn.jp/en/jp/JVN14776551/index.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2019-6012",
        "datePublished": "2019-12-26T15:16:50.000Z",
        "dateReserved": "2019-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-04T20:09:23.989Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }