WordPress Plugin Vulnerabilities

Data Tables Generator by Supsystic < 1.10.32 - Missing Authorization

Description

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.10.31. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions.

Affects Plugins

Plugin icon
data-tables-generator-by-supsystic
Fixed in 1.10.32

References

CVE
CVE-2024-32829
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1c61b3a7-25a9-4890-a294-378883ebe11d

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Steven Julian
Verified
No
WPVDB ID
20eef380-9395-4d11-8698-8c288a1baa1b

Timeline

Publicly Published
2024-04-22 (about 2 years ago)
Added
2024-04-29 (about 2 years ago)
Last Updated
2024-04-29 (about 2 years ago)

Other

Published
Title
Published
2024-03-29
Title
Spiffy Calendar < 4.9.11 - Missing Authorization
Published
2026-06-10
Title
Royal MCP < 1.4.26 - Subscriber+ Insufficient Authorization in MCP Tools
Published
2022-11-21
Title
Betheme < 26.6.3 - Missing Authorization
Published
2026-01-06
Title
AffiliateX < 1.4.0 - Missing Authorization
Published
2024-08-20
Title
Event Espresso 4 Decaf – Event Registration Event Ticketing < 5.0.22.decafdecaf- Authenticated (Subscriber+) Missing Authorization to Limited Plugin Settings Modification