wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
CVE-2021-24199

6.5MEDIUM

Key Information:

Vendor
Wordpress
Status
WPdatatables – Tables & Table Charts
Vendor
CVE Published:
12 April 2021

Summary

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.

Affected Version(s)

wpDataTables – Tables & Table Charts 3.4.2

References

https://wpdatatables.com/help/whats-new-changelog/
x_refsource_MISC
https://n4nj0.github.io/advisories/wordpress-plugin-wpdat...
x_refsource_MISC
https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Veno Eivazian, Massimiliano Ferraresi
.