CVE-2021-24200

The wpDataTables  Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WPScanCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
tms-outsourcewpdatatables
𝑥
< 3.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
https://wpdatatables.com/help/whats-new-changelog/
https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
https://wpdatatables.com/help/whats-new-changelog/
https://wpscan.com/vulnerability/21aa7e18-0162-45bf-a5c6-ceee64ffa1f9