← Zuruck zu CVEs

CVE-2021-24197

HIGH

8.1

Beschreibung

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.

CVE Details

CVSS v3.1 Bewertung8.1

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht4/12/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

tms-outsource:wpdatatables

Schwachen (CWE)

CWE-284

Referenzen

https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/(contact@wpscan.com)

https://wpdatatables.com/help/whats-new-changelog/(contact@wpscan.com)

https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b(contact@wpscan.com)

https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/(af854a3a-2127-422b-91ae-364da2661108)

https://wpdatatables.com/help/whats-new-changelog/(af854a3a-2127-422b-91ae-364da2661108)

https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.