cleantalk
Vulnerabilities and Security Researches

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, CVE-2021-24200

CVE, Research URL

CVE-2021-24200

Home page URL

Security reports for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Application

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Published on
Apr 12, 2021
Research Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
Affected versions
Min -, max 3.4.2.
Status
vulnerable
Previous vulnerability researches
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-25618) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-29432) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2019-6012) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2014-9175) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2021-24200) , Jun 07, 2024
New vulnerability
Master Slider – Responsive Touch Slider (CVE-2025-39412) , Apr 29, 2025
WordPress Simple Shopping Cart (CVE-2025-3530) , Apr 29, 2025
Brid Video Easy Publish (CVE-2025-32688) , Apr 29, 2025
Material Dashboard (CVE-2025-32486) , Apr 29, 2025
Greenshift – animation and page builder blocks (CVE-2025-3616) , Apr 29, 2025