Skip to main content

Wpdatatables

12 CVEs product

Monthly

CVE-2026-57672 HIGH This Week

Reflected/stored cross-site scripting in the wpDataTables WordPress plugin (versions 6.5.1.1 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they view a crafted page or follow a malicious link. The scope-change (S:C) rating in the CVSS vector indicates the injected script can affect resources beyond the vulnerable component - for example the wider WordPress site context - enabling session/cookie theft or admin-panel actions. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed through Patchstack's vulnerability database.

XSS Wpdatatables
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-49080 CRITICAL Act Now

SQL injection in the wpDataTables WordPress plugin versions 7.3.6 and earlier allows unauthenticated remote attackers to inject crafted SQL into backend database queries, with CVSS 9.3 reflecting a scope-changed impact that reaches beyond the plugin's own data context. The CVSS vector indicates high confidentiality impact and low availability impact with no integrity impact, suggesting the flaw is primarily useful for extracting sensitive WordPress data (including credentials and PII) rather than tampering with records. No public exploit identified at time of analysis, but Patchstack's disclosure and the unauthenticated network attack vector make this a high-priority issue for any site running the plugin.

SQLi Wpdatatables
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2024-0591 MEDIUM PATCH This Month

The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpdatatables
NVD VulDB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-4314 HIGH POC This Week

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Wpdatatables
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-23876 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpdatatables
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-29432 MEDIUM This Month

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpdatatables
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-24200 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24199 MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD WPScan
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-24198 HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-24197 HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-26754 CRITICAL POC Act Now

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wpdatatables
NVD
CVSS 3.1
9.8
EPSS
4.6%
CVE-2014-9175 HIGH POC This Week

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP Wpdatatables
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.8%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored cross-site scripting in the wpDataTables WordPress plugin (versions 6.5.1.1 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they view a crafted page or follow a malicious link. The scope-change (S:C) rating in the CVSS vector indicates the injected script can affect resources beyond the vulnerable component - for example the wider WordPress site context - enabling session/cookie theft or admin-panel actions. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was disclosed through Patchstack's vulnerability database.

XSS Wpdatatables
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in the wpDataTables WordPress plugin versions 7.3.6 and earlier allows unauthenticated remote attackers to inject crafted SQL into backend database queries, with CVSS 9.3 reflecting a scope-changed impact that reaches beyond the plugin's own data context. The CVSS vector indicates high confidentiality impact and low availability impact with no integrity impact, suggesting the flaw is primarily useful for extracting sensitive WordPress data (including credentials and PII) rather than tampering with records. No public exploit identified at time of analysis, but Patchstack's disclosure and the unauthenticated network attack vector make this a high-priority issue for any site running the plugin.

SQLi Wpdatatables
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

The wpDataTables - WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wpdatatables
NVD VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP +1
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpdatatables
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text,. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wpdatatables
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP +1
NVD WPScan
EPSS 1% CVSS 6.5
MEDIUM This Month

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP +1
NVD WPScan
EPSS 1% CVSS 8.1
HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
EPSS 1% CVSS 8.1
HIGH This Week

The wpDataTables - Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wpdatatables
NVD WPScan
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wpdatatables
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi PHP +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy