WordPress Plugin Vulnerabilities

Data Tables Generator by Supsystic < 1.10.0 - Authenticated SQL Injection

Description

The POST parameter "data[search][text_like]" was used in a SQL statement without being sanitised when searching for Tables in the dashboard, leading to an authenticated SQL Injection issue.

Proof of Concept

Affects Plugins

Plugin icon
data-tables-generator-by-supsystic
Fixed in 1.10.0

References

Exploitdb
49543

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.0 (critical)

Miscellaneous

Original Researcher
Erik David Martin
Verified
Yes
WPVDB ID
117bb262-133d-4117-b279-b5483efb6810

Timeline

Publicly Published
2021-02-08 (about 5 years ago)
Added
2021-02-08 (about 5 years ago)
Last Updated
2021-02-10 (about 5 years ago)

Other

Published
Title
Published
2025-03-31
Title
Ultimate Push Notifications <= 1.2.0 - Subscriber+ SQL Injection
Published
2021-08-22
Title
GSEOR <= 1.3 - Authenticated SQL Injection
Published
2023-06-30
Title
SP Project & Document Manager < 4.68 - Subscriber+ SQLi
Published
2023-06-23
Title
MStore API < 4.0.2 - Unauthenticated SQL Injection
Published
2024-06-20
Title
Themify - WooCommerce Product Filter < 1.5.0 - Unauthenticated SQL Injection via conditions Parameter