cleantalk
Vulnerabilities and Security Researches

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, CVE-2023-4314

CVE, Research URL

CVE-2023-4314

Home page URL

Security reports for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Application

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Published on
Sep 12, 2023
Research Description
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Affected versions
Min -, max 2.1.66.
Status
vulnerable
Previous vulnerability researches
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-25618) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2022-29432) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2019-6012) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2014-9175) , Jun 07, 2024
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (CVE-2021-24200) , Jun 07, 2024
New vulnerability
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025
Ocean Extra (CVE-2025-3457) , Apr 29, 2025
Ocean Extra (CVE-2025-3458) , Apr 29, 2025