Vulnerability Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low-privilege authenticated user who visits the page where the table is published can tamper with the id_key and id_val parameters to delete another user's data present in the same table. By exploiting this issue, an attacker is able to delete the data of all users in the same table.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tms-Outsource | Wpdatatables | < 3.4.2 |
Related Weaknesses (CWE)
References
- https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/ (Third Party Advisory)
- https://wpdatatables.com/help/whats-new-changelog/ (Release Notes, Vendor Advisory)
- https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3 (Third Party Advisory)
FAQ
What is CVE-2021-24198?
CVE-2021-24198 is a vulnerability with a CVSS score of 8.1 (HIGH). The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tam...
How severe is CVE-2021-24198?
CVE-2021-24198 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-24198?
Check the references section above for vendor advisories and patch information. Affected products include: Tms-Outsource Wpdatatables.