Wpdatatables
CVE-2021-24198
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
AnalysisAI
The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-284. The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table. Affected products include: Tms-Outsource Wpdatatables. Version information: before 3.4.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Wpdatatables
View allwpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deseriali
SQL injection in the wpDataTables WordPress plugin versions 7.3.6 and earlier allows unauthenticated remote attackers to
The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high s
Reflected/stored cross-site scripting in the wpDataTables WordPress plugin (versions 6.5.1.1 and earlier) allows unauthe
The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user
The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user
The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Refl
Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor pat
Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today