← Back to CVEs
CVE-2021-24198
HIGH8.1
Description
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the same table through id_key and id_val parameters. By exploiting this issue an attacker is able to delete the data of all users in the same table.
CVE Details
CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published4/12/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
tms-outsource:wpdatatables
Weaknesses (CWE)
CWE-284
References
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/(contact@wpscan.com)
https://wpdatatables.com/help/whats-new-changelog/(contact@wpscan.com)
https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3(contact@wpscan.com)
https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/(af854a3a-2127-422b-91ae-364da2661108)
https://wpdatatables.com/help/whats-new-changelog/(af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/d953bc62-8a6f-445b-a556-bc25cdd200e3(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.