Vulnerability Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tms-Outsource | Wpdatatables | < 3.4.2 |
Related Weaknesses (CWE)
References
- https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/Third Party Advisory
- https://wpdatatables.com/help/whats-new-changelog/Release NotesVendor Advisory
- https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2bThird Party Advisory
- https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/Third Party Advisory
- https://wpdatatables.com/help/whats-new-changelog/Release NotesVendor Advisory
- https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2bThird Party Advisory
FAQ
What is CVE-2021-24197?
CVE-2021-24197 is a vulnerability with a CVSS score of 8.1 (HIGH). The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tam...
How severe is CVE-2021-24197?
CVE-2021-24197 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24197?
Check the references section above for vendor advisories and patch information. Affected products include: Tms-Outsource Wpdatatables.