Unauthorized Access Vulnerability in wpDataTables Plugin Affects Premium Version
CVE-2024-3821

7.3HIGH

Key Information:

Vendor: Wordpress
Status: WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Vendor: CVE Published:; 1 June 2024

Summary

The wpDataTables plugin for WordPress is exposed to a significant security vulnerability due to inadequate capability checks in the wdt_ajax_actions.php file. This flaw affects all versions up to and including 6.3.2 and specifically impacts the premium version of the plugin. Unauthorized attackers can exploit this vulnerability to manipulate data tables within WordPress sites, posing a risk to both data integrity and user trust. Website administrators using this plugin should prioritize the application of patches or updates to remedy this weak point.

Affected Version(s)

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin * <= 6.3.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wpdatatables.com/help/whats-new-changelog/

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 1, 2024
Vulnerability Reserved
Apr 15, 2024

Credit

Villu Orav