CVE-2021-24197

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2

Description: The issue allows a low privilege authenticated user to access and manage the data of other users in the same table by tampering with parameters, specifically through the formdata[wdt ID] parameter. This enables an attacker to take over user permissions on the table, potentially accessing and managing data of all users in the table.

Recommendations: For versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the formdata[wdt ID] parameter to prevent unauthorized data access.