Skip to main content

Wpdatatables CVE-2023-23876

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-05-03 audit@patchstack.com
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
May 03, 2023 - 14:15 nvd
MEDIUM 5.4

DescriptionNVD

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.

AnalysisAI

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions. Affected products include: Tms-Outsource Wpdatatables.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2021-26754 CRITICAL POC
9.8 Feb 08

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order

CVE-2014-9175 HIGH POC
7.5 Dec 02

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote

CVE-2023-4314 HIGH POC
7.2 Sep 11

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deseriali

CVE-2026-49080 CRITICAL
9.3 Jun 16

SQL injection in the wpDataTables WordPress plugin versions 7.3.6 and earlier allows unauthenticated remote attackers to

CVE-2021-24198 HIGH
8.1 Apr 12

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high s

CVE-2021-24197 HIGH
8.1 Apr 12

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high s

CVE-2026-57672 HIGH
7.1 Jul 02

Reflected/stored cross-site scripting in the wpDataTables WordPress plugin (versions 6.5.1.1 and earlier) allows unauthe

CVE-2021-24200 MEDIUM
6.5 Apr 12

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user

CVE-2021-24199 MEDIUM
6.5 Apr 12

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user

CVE-2024-0591 MEDIUM
6.1 Mar 13

The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Refl

CVE-2022-29432 MEDIUM
4.8 May 20

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-

Share

CVE-2023-23876 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy