Vulnerability Details : CVE-2021-24197
The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low-privilege authenticated user who visits the page where the table is published can tamper with the parameters to access the data of another user present in the same table, taking over that user's permissions on the table through the formdata[wdt_ID] parameter. By exploiting this issue, an attacker is able to access and manage the data of all users in the same table.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-24197
- cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24197
0.38%: probability of exploitation activity in the next 30 days
~57%: percentile, the proportion of vulnerabilities that are scored at or below this level
CVSS scores for CVE-2021-24197
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N | 8.0 | 4.9 | NIST | |
8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 2.8 | 5.2 | NIST | |
CWE ids for CVE-2021-24197
- The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Assigned by: contact@wpscan.com (Secondary)
References for CVE-2021-24197
- https://wpdatatables.com/help/whats-new-changelog/ - What's new / Changelog - wpDataTables - Tables and Charts WordPress Plugin (Release Notes; Vendor Advisory)
- https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/ - WordPress Plugin wpDataTables - Multiple Vulnerabilities - The Tales of N4nj0 (Third Party Advisory)
- https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b (Third Party Advisory)