WordPress Plugin Vulnerabilities

wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
wpdatatables
Fixed in 2.1.28

References

CVE
CVE-2022-25618

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.4 (low)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
02a8b0bc-e434-4be5-8892-cba13d1b4329

Timeline

Publicly Published
2022-04-04 (about 4 years ago)
Added
2022-04-04 (about 4 years ago)
Last Updated
2022-04-10 (about 4 years ago)

Other

Published
Title
Published
2024-01-31
Title
Auto Listings < 2.6.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-02-02
Title
seekXL Snapr <= 2.0.6 - Reflected Cross-Site Scripting
Published
2025-03-10
Title
Photo Gallery < 1.8.34 - Unauthenticated Stored XSS
Published
2021-06-21
Title
Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)
Published
2017-10-17
Title
Max Mega Menu < 2.4 - Authenticated XSS