CVE-2021-24198

The wpDataTables  Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
tms-outsourcewpdatatables
𝑥
< 3.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
https://wpdatatables.com/help/whats-new-changelog/
https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
https://wpdatatables.com/help/whats-new-changelog/
https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3