cleantalk
Vulnerabilities and Security Researches

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, CVE-2021-24197

CVE, Research URL

CVE-2021-24197

Home page URL

Security reports for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Application

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Published on
Apr 12, 2021
Research Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
Affected versions
Min -, max 3.4.2.
Status
vulnerable
Previous vulnerability researches
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-25618) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-29432) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2019-6012) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2014-9175) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2021-24200) , Jun 07, 2024
New vulnerability
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025
Ocean Extra (CVE-2025-3457) , Apr 29, 2025
Ocean Extra (CVE-2025-3458) , Apr 29, 2025