186 matches found
CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by takin...
CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by takin...
CVE-2021-24199
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'start' HTTP POST parameter. Th...
CVE-2021-24198
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through...
Sql injection
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'length' HTTP POST parameter...
Improper access control
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by takin...
Improper access control
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through...
CVE-2021-24200 wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'length' HTTP POST parameter...
CVE-2021-24200
The CVE-2021-24200 vulnerability affects the wpDataTables – Tables & Table Charts premium WordPress plugin prior to version 3.4.2. A low-privilege authenticated user can trigger a Boolean-based blind SQL Injection on the table list page via /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, ...
CVE-2021-24199 wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtable&tableid=1, on the 'start' HTTP POST parameter. Th...
CVE-2021-24199
CVE-2021-24199 affects the wpDataTables – Tables & Table Charts premium WordPress plugin (versions before 3.4.2). The vulnerability is a Boolean-based blind SQL Injection in the table list page, exploitable via the POST parameter start on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&t...
CVE-2021-24198 wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through...
CVE-2021-24198
The CVE concerns wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2, with Improper Access Control . A low-privilege authenticated user, on the page where a table is published, can tamper with parameters (id_key, id_val) to delete data belonging to other users in the same t...
CVE-2021-24197
The CVE concerns wpDataTables – Tables & Table Charts premium WordPress plugin, version prior to 3.4.2. The vulnerability is Improper Access Control: a low-privileged authenticated user visiting a published table page can tamper with request parameters (formdata[wdt_ID]) to assume table permissio...
CVE-2021-24197 wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by takin...
WordPress plugin WpDataTables – Tables & Table Charts premium 安全漏洞
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . WordPress plugin WpDataTables - Tables & Table Charts...
WordPress和Sprymedia DataTables SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...
WordPress SQL注入漏洞
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . WordPress plugin WpDataTables-Tables & Table Charts...
WordPress plugin WpDataTables – Tables & Table Charts premium 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.Sprymedia DataTables is a JavaScript library for converting HTML tables to dynamic tables from the UK company...
wpDataTables < 3.4.2 - Blind SQL Injection via length Parameter
The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...