7.3

CVE-2024-3821

wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.
Mögliche Gegenmaßnahme
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin: Update to version 6.4, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerwpdatatables
Produkt wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Default Statusunaffected
Version <= 6.3.2
Version 0
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin
Version *-6.3.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.33% 0.24
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@wordfence.com 7.3 3.9 3.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpdatatables.com/help/whats-new-changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/d32215b5-9ecb-4feb-b76f-18821184dd8b?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/d32215b5-9ecb-4feb-b76f-18821184dd8b
Third Party Advisory