wpDataTables – Tables & Table Charts (Premium) < 6.4 – Missing Authorization to DataTable Access & Modification | CVE 2024-3821 | Plugin Vulnerabilities

Description

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.

Affects Plugins

Fixed in 6.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d32215b5-9ecb-4feb-b76f-18821184dd8b

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

villu164

Verified

No

WPVDB ID

72060d33-e561-41a5-b2f6-f6cb6922f159

Timeline

Publicly Published

2024-05-31 (about 2 years ago)

Added

2024-05-31 (about 2 years ago)

Last Updated

2024-07-29 (about 1 year ago)

Other

Published

Title

Published

2023-01-05

Title

Social Warfare < 4.3.1 - Subscriber+ Post Meta Deletion

Published

2024-05-15

Title

weMail < 1.14.3 - Missing Authorization to Notice Dismissal

Published

2026-01-30

Title

Fitness FSE <= 1.0.6 - Missing Authorization

Published

2025-04-01

Title

Cue < 2.4.5 - Missing Authorization

Published

2025-12-22

Title

FV Simpler SEO < 1.9.7 - Missing Authorization