cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3820,https://securityvulnerability.io/vulnerability/CVE-2024-3820,Unauthenticated SQL Injection Vulnerability in wpDataTables Plugin Affects Premium Users,"The wpDataTables Plugin for WordPress is prone to SQL Injection vulnerabilities via the 'id_key' parameter associated with the wdt_delete_table_row AJAX action. This flaw arises from inadequate escaping of user-supplied data and insufficient preparation of SQL queries. As a result, unauthenticated attackers can manipulate existing SQL commands, potentially gaining unauthorized access to sensitive information stored in the database. This vulnerability impacts the premium version of the plugin and poses significant risks for website owners utilizing this feature.",Wordpress,"WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin",10,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-01T08:38:58.419Z,0
CVE-2024-3821,https://securityvulnerability.io/vulnerability/CVE-2024-3821,Unauthorized Access Vulnerability in wpDataTables Plugin Affects Premium Version,"The wpDataTables plugin for WordPress is exposed to a significant security vulnerability due to inadequate capability checks in the wdt_ajax_actions.php file. This flaw affects all versions up to and including 6.3.2 and specifically impacts the premium version of the plugin. Unauthorized attackers can exploit this vulnerability to manipulate data tables within WordPress sites, posing a risk to both data integrity and user trust. Website administrators using this plugin should prioritize the application of patches or updates to remedy this weak point.",Wordpress,"WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin",7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-01T08:38:55.760Z,0
CVE-2024-4895,https://securityvulnerability.io/vulnerability/CVE-2024-4895,Stored Cross-Site Scripting Vulnerability in wpDataTables Plugin,"The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin",4.7,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T02:33:06.431Z,0
CVE-2024-0591,https://securityvulnerability.io/vulnerability/CVE-2024-0591,Reflected Cross-Site Scripting Vulnerability in wpDataTables Plugin for WordPress,The wpDataTables plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate sanitization of user input and improper escaping of output. Attackers may leverage this flaw by tricking users into clicking malicious links that execute arbitrary web scripts within the context of the site. This vulnerability affects all versions of the plugin up to 3.4.2.2 and poses a significant risk to the security of websites utilizing this plugin.,Wordpress,"WPdatatables – WordPress Data Table, Dynamic Tables & Table Charts Plugin",6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:50.625Z,0
CVE-2023-4314,https://securityvulnerability.io/vulnerability/CVE-2023-4314,wpDataTables < 2.1.66 - Admin+ PHP Object Injection,"The wpDataTables plugin for WordPress versions prior to 2.1.66 has a deserialization vulnerability that arises from improper validation of input data, specifically when handling serialized PHP arrays. This flaw enables administrative users to deserialize arbitrary data, potentially leading to remote code execution if a suitable gadget chain exists on the server. The risk is particularly acute in environments such as multisite setups, where admin rights should be restricted to prevent unauthorized code execution.",Wordpress,wpDataTables,7.2,HIGH,0.0021899999119341373,false,,false,false,false,,false,false,2023-09-11T20:15:00.000Z,0
CVE-2022-29432,https://securityvulnerability.io/vulnerability/CVE-2022-29432,WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities,"Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.",Wordpress,WPdatatables – Tables & Table Charts (WordPress Plugin),3.4,LOW,0.0005000000237487257,false,,false,false,false,,false,false,2022-05-20T21:15:00.000Z,0
CVE-2022-25618,https://securityvulnerability.io/vulnerability/CVE-2022-25618,WordPress wpDataTables plugin <= 2.1.27 - Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27,Wordpress,WPdatatables – Tables & Table Charts (WordPress Plugin),3.4,LOW,0.0005000000237487257,false,,false,false,false,,false,false,2022-04-04T00:00:00.000Z,0
CVE-2021-24200,https://securityvulnerability.io/vulnerability/CVE-2021-24200,wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter,"The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.",Wordpress,WPdatatables – Tables & Table Charts,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,false,false,2021-04-12T13:59:38.000Z,0
CVE-2021-24199,https://securityvulnerability.io/vulnerability/CVE-2021-24199,wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter,"The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.",Wordpress,WPdatatables – Tables & Table Charts,6.5,MEDIUM,0.0010900000343099236,false,,false,false,false,,false,false,2021-04-12T13:59:17.000Z,0
CVE-2021-24198,https://securityvulnerability.io/vulnerability/CVE-2021-24198,wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion,The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.,Wordpress,WPdatatables – Tables & Table Charts,8.1,HIGH,0.0014299999456852674,false,,false,false,false,,false,false,2021-04-12T13:58:49.000Z,0
CVE-2021-24197,https://securityvulnerability.io/vulnerability/CVE-2021-24197,wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover,The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.,Wordpress,WPdatatables – Tables & Table Charts,8.1,HIGH,0.0010900000343099236,false,,false,false,false,,false,false,2021-04-12T13:58:04.000Z,0
CVE-2014-9175,https://securityvulnerability.io/vulnerability/CVE-2014-9175,,SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.,Wordpress,WPdatatables,,,0.0015300000086426735,false,,false,false,false,,false,false,2014-12-02T16:00:00.000Z,0