Stored Cross-Site Scripting Vulnerability in wpDataTables Plugin for WordPress
CVE-2026-5721

4.7MEDIUM

Key Information:

Vendor: WordPress
Status: WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Vendor: CVE Published:; 20 April 2026

What is CVE-2026-5721?

The wpDataTables plugin for WordPress is vulnerable to a Stored Cross-Site Scripting (XSS) flaw due to inadequate input sanitization and output escaping in its core methods. This vulnerability affects all versions up to and including 6.5.0.4, allowing unauthenticated attackers to inject malicious web scripts. These scripts can execute in the context of a user's session if an administrator is misled into importing data from a compromised source while utilizing specific column types, such as Link, Image, or Email.

Affected Version(s)

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin 0 <= 6.5.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3510613/

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Apr 6, 2026

Credit

Thai Do Nhat

CVE-2026-5721 Data

JSON