WordPress Plugin Vulnerabilities

wpDataTables < 1.5.4 - Unauthenticated SQL Injection

Description

The wpDataTables – Tables & Table Charts WordPress plugin was affected by a SQL Injection security vulnerability via the table_id parameter of the get_wdtable AJAX action, available to both unauthenticated and authenticated users

Affects Plugins

Plugin icon
wpdatatables
Fixed in 1.5.4

References

CVE
CVE-2014-9175
Exploitdb
35340
URL
https://packetstormsecurity.com/files/#129232/
URL
https://www.homelab.it/index.php/2014/11/23/wordpress-wpdatatables-sql-injection-vulnerability/

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
9.4 (critical)

Miscellaneous

Submitter
Claudio Viviani
Submitter website
http://www.homelab.it
Submitter twitter
homelabit
Verified
No
WPVDB ID
d46b8b0d-abe5-4ec8-b975-27e8d53b9f27

Timeline

Publicly Published
2014-11-25 (about 11 years ago)
Added
2014-11-25 (about 11 years ago)
Last Updated
2021-03-17 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WPtouch 1.9.8 - include/submit.php Multiple Parameter SQL Injection
Published
2026-03-25
Title
Amelia < 2.1.2 - Authenticated (Custom role+) SQL Injection
Published
2025-05-08
Title
SMS Alert Order Notifications – WooCommerce < 3.8.2 - Unauthenticated SQL Injection
Published
2024-06-19
Title
WP Hotel Booking < 2.1.1 - Unauthenticated SQL Injection
Published
2025-05-16
Title
Interview <= 1.01 - Authenticated (Contributor+) SQL Injection