WordPress Plugin Vulnerabilities

Data Tables Generator by Supsystic < 1.10.37 - Missing Authorization

Description

The Data Tables Generator by Supsystic plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.10.36. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
data-tables-generator-by-supsystic
Fixed in 1.10.37

References

CVE
CVE-2024-56253
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2275f49d-2b31-4e24-aa3f-16f5febd2738

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Jingle Bells
Verified
No
WPVDB ID
7d45569b-e117-4ee7-9ce2-9ad10ecb3500

Timeline

Publicly Published
2024-12-30 (about 1 year ago)
Added
2025-01-08 (about 1 year ago)
Last Updated
2025-01-08 (about 1 year ago)

Other

Published
Title
Published
2025-10-12
Title
Masterstudy Elementor Widgets < 1.2.5 - Missing Authorization
Published
2024-10-25
Title
GRÜN spendino Spendenformular <= 1.0.1 - Unauthenticated Arbitrary Options Update
Published
2024-07-11
Title
WP GoToWebinar < 15.7 - Missing Authorization
Published
2025-12-19
Title
Bit Assist < 1.6.0 - Missing Authorization
Published
2022-06-30
Title
Accordions < 2.0.3 - Unauthenticated Arbitrary Options Update