Lucene search
K

186 matches found

WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.21 views

wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion

The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through idkey and idval parameters. By exploiting this issue an attacker is...

5.5CVSS4.1AI score0.0147EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.29 views

wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter

The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...

4CVSS2.5AI score0.01341EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2021/03/16 12:0 a.m.21 views

WordPress wpDataTables plugin <= 3.4.1 - Multiple SQL Injection (SQLi) vulnerabilities

Multiple SQL Injection SQLi vulnerabilities discovered by Veno Eivazian and Massimiliano Ferraresi in the WordPress wpDataTables plugin versions = 3.4.1. Solution Update the WordPress wpDataTables plugin to the latest available version at least 3.4.2...

6.5CVSS3AI score0.01341EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/16 12:0 a.m.20 views

wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover

The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdatawdtID...

5.5CVSS3.9AI score0.01237EPSS
Exploits0References2Affected Software1
Check Point Advisories
Check Point Advisories
added 2021/02/22 12:0 a.m.4 views

WordPress wpDataTables Plugin SQL Injection (CVE-2021-26754)

An SQL injection vulnerability exists in WordPress wpDataTables Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

10CVSS5.2AI score0.04615EPSS
Exploits2
CNVD
CNVD
added 2021/02/09 12:0 a.m.11 views

Wordpress wpDataTables SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . A SQL injection vulnerability exists in wpDataTables...

10CVSS7.6AI score0.04615EPSS
Exploits2References1
OSV
OSV
added 2021/02/08 12:15 a.m.5 views

CVE-2021-26754

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...

9.8CVSS7.3AI score0.04615EPSS
Exploits2References3
NVD
NVD
added 2021/02/08 12:15 a.m.18 views

CVE-2021-26754

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...

10CVSS0.04615EPSS
Exploits2References3
Prion
Prion
added 2021/02/08 12:15 a.m.18 views

Sql injection

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...

10CVSS9.9AI score0.04615EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2021/02/07 11:31 p.m.23 views

CVE-2021-26754

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...

10AI score0.04615EPSS
Exploits2References3
CVE
CVE
added 2021/02/07 11:31 p.m.108 views

CVE-2021-26754

CVE-2021-26754 affects the WordPress wpDataTables plugin up to version 3.4.1. The issue stems from mishandling the server-side table order direction (admin-ajax.php?action=get_wdtable order[0][dir]), allowing SQL injection via the order parameter. Reported impact is high (CVE/NVD metrics). Remedi...

10CVSS9.9AI score0.04615EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/02/07 12:0 a.m.7 views

WordPress SQL注入漏洞

WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . A SQL injection vulnerability exists in wpDataTables...

10CVSS7.4AI score0.04615EPSS
Exploits2References4
WPVulnDB
WPVulnDB
added 2021/02/04 12:0 a.m.26 views

wpDataTables < 3.4.1 - Unauthenticated SQL Injection

In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...

10CVSS0.7AI score0.04615EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2021/02/04 12:0 a.m.135 views

wpDataTables < 3.4.1 - Unauthenticated SQL Injection

In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...

10CVSS1AI score0.04615EPSS
Exploits2References1
NVD
NVD
added 2019/12/26 4:15 p.m.19 views

CVE-2019-6012

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

7.2CVSS7.2AI score0.01447EPSS
Exploits0References2
OSV
OSV
added 2019/12/26 4:15 p.m.4 views

CVE-2019-6012

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

7.2CVSS7.4AI score0.01447EPSS
Exploits0References2
NVD
NVD
added 2019/12/26 4:15 p.m.29 views

CVE-2019-6011

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.1AI score0.00943EPSS
Exploits0References2
OSV
OSV
added 2019/12/26 4:15 p.m.3 views

CVE-2019-6011

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.8AI score0.00943EPSS
Exploits0References2
Prion
Prion
added 2019/12/26 4:15 p.m.11 views

Sql injection

SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS7.2AI score0.01447EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/12/26 4:15 p.m.11 views

Cross site scripting

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6.1AI score0.00943EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder