Unrated severity · NVD Advisory · Published Apr 12, 2021 · Updated Aug 3, 2024
wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
CVE-2021-24200
Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Affected products
- wpDataTables/wpDataTables – Tables & Table Charts (v5), Range: 3.4.2
References
- n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/ (mitre, x_refsource_MISC)
- wpdatatables.com/help/whats-new-changelog/ (mitre, x_refsource_MISC)
- wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9 (mitre, x_refsource_CONFIRM)