14 matches found
wpDataTables - Tables & Table Charts (Premium) < 6.4 - Missing Authorization to DataTable Access & Modification
Description: The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdtajaxactions.php file in all versions up to, and including, 6.3.2. This makes it...
SQL injection
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'length' HTTP POST parameter...
CVE-2021-24198
The CVE concerns wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2, with Improper Access Control. A low-privilege authenticated user, on the page where a table is published, can tamper with parameters (id_key, id_val) to delete data belonging to other users in the same t...
CVE-2021-24197
The CVE concerns wpDataTables – Tables & Table Charts premium WordPress plugin, version prior to 3.4.2. The vulnerability is Improper Access Control: a low-privileged authenticated user visiting a published table page can tamper with request parameters (formdata[wdt_ID]) to assume table permissio...
Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version: Flexmonster Pivot Table & Charts 2.7.17 Tested on: Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20139...
Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS
Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS Date: 08/01/2020 Exploit Author: Marco Nappi Vendor Homepage: https://www.flexmonster.com/ Version: Flexmonster Pivot Table & Charts 2.7.17 Tested on: Flexmonster Pivot Table & Charts 2.7.17 CVE : CVE-2020-20141 Cross...
CVE-2020-20140
Cross Site Scripting (XSS) vulnerability in the Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20141
Cross Site Scripting (XSS) vulnerability in the To OLAP XMLA component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in the Remote JSON component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in the Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20139
Cross Site Scripting (XSS) vulnerability in the Remote JSON component under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17...
CVE-2020-20142
The provided connected sources confirm CVE-2020-20142 affects Flexmonster Pivot Table & Charts 2.7.17, specifically the "+To Remote CSV" component under the Open menu. The root cause is a reflected XSS due to insufficient input sanitization of the 'path' parameter when fetching file specification...
wpDataTables <= 2.0.7 - XSS & SQL Injection
The wpDataTables – Tables & Table Charts WordPress plugin was affected by an XSS & SQL Injection security vulnerability...
wpDataTables <= 1.5.3 - Unauthenticated Shell Upload
The wpDataTables – Tables & Table Charts WordPress plugin was affected by an Unauthenticated Shell Upload security vulnerability...