2 matches found
WordPress wpDataTables Plugin SQL Injection (CVE-2021-26754)
An SQL injection vulnerability exists in WordPress wpDataTables Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2021-26754
CVE-2021-26754 affects the WordPress wpDataTables plugin up to version 3.4.1. The issue stems from mishandling the server-side table order direction (admin-ajax.php?action=get_wdtable order[0][dir]), allowing SQL injection via the order parameter. Reported impact is high (CVE/NVD metrics). Remedi...