CVE-2021-24199

medium

Description

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application.

References

Advisories
More

https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280

https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/

https://wpdatatables.com/help/whats-new-changelog/

Details

Source: Mitre, NVD

Published: 2021-04-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.01492