186 matches found
wpDataTables < 3.4.2 - Improper Access Control leading to Table Data Deletion
The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through idkey and idval parameters. By exploiting this issue an attacker is...
wpDataTables < 3.4.2 - Blind SQL Injection via start Parameter
The plugin allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=getwdtableid=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain...
WordPress wpDataTables plugin <= 3.4.1 - Multiple SQL Injection (SQLi) vulnerabilities
Multiple SQL Injection SQLi vulnerabilities discovered by Veno Eivazian and Massimiliano Ferraresi in the WordPress wpDataTables plugin versions = 3.4.1. Solution Update the WordPress wpDataTables plugin to the latest available version at least 3.4.2...
wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover
The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdatawdtID...
WordPress wpDataTables Plugin SQL Injection (CVE-2021-26754)
An SQL injection vulnerability exists in WordPress wpDataTables Plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Wordpress wpDataTables SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . A SQL injection vulnerability exists in wpDataTables...
CVE-2021-26754
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...
CVE-2021-26754
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...
Sql injection
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...
CVE-2021-26754
wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=getwdtable order0dir SQL injection...
CVE-2021-26754
CVE-2021-26754 affects the WordPress wpDataTables plugin up to version 3.4.1. The issue stems from mishandling the server-side table order direction (admin-ajax.php?action=get_wdtable order[0][dir]), allowing SQL injection via the order parameter. Reported impact is high (CVE/NVD metrics). Remedi...
WordPress SQL注入漏洞
WordPress is a blogging platform developed by the WordPress Wordpress Foundation using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. wpDataTables is used in one of the chart management plugin . A SQL injection vulnerability exists in wpDataTables...
wpDataTables < 3.4.1 - Unauthenticated SQL Injection
In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...
wpDataTables < 3.4.1 - Unauthenticated SQL Injection
In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...
CVE-2019-6012
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2019-6012
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2019-6011
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-6011
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Sql injection
SQL injection vulnerability in the wpDataTables Lite Version 2.0.11 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...