WordPress Plugin Vulnerabilities

wpDataTables < 3.4.2 - Improper Access Control leading to Table Permission Takeover

Description

The plugin has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.

Note: This affect the premium version of the plugin, however, both the premium and free plugins have the same slug.

Affects Plugins

Plugin icon
wpdatatables
Fixed in 3.4.2

References

CVE
CVE-2021-24197
URL
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/
URL
https://wpdatatables.com/help/whats-new-changelog/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Veno Eivazian, Massimiliano Ferraresi
Submitter
Veno Eivazian
Submitter website
https://n4nj0.github.io/
Verified
Yes
WPVDB ID
a56c04a4-dda0-4a7f-a525-d0349a1fda2b

Timeline

Publicly Published
2021-03-16 (about 4 years ago)
Added
2021-03-25 (about 4 years ago)
Last Updated
2021-03-28 (about 4 years ago)

Other

Published
Title
Published
2023-09-03
Title
FileOrganizer < 1.0.3 - Admin+ Arbitrary File Access
Published
2024-09-12
Title
MStore API – Create Native Android & iOS Apps On The Cloud < 4.15.4 - Unauthorized User Registration
Published
2024-01-10
Title
WP Customer Area < 8.2.1 - Subscriber+ Account Address Update
Published
2022-05-18
Title
JupiterX < 2.0.7 & JupiterX Core < 2.0.7 - Subscriber+ Arbitrary Plugin Deactivation and Settings Update
Published
2025-02-19
Title
Prime Addons for Elementor < 2.0.2 - Authenticated (Contributor+) Insecure Direct Object Reference via pae_global_block Shortcode