CVE-2021-24200

Name of the Vulnerable Software and Affected Versions: wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2

Description: The issue allows a low-privilege authenticated user to perform Boolean-based blind SQL Injection on the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint, specifically through the length HTTP POST parameter. This enables an attacker to access all database data and obtain access to the WordPress application.

Recommendations: For wpDataTables – Tables & Table Charts premium WordPress plugin versions prior to 3.4.2, update to version 3.4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/admin-ajax.php?action=get wdtable&table id=1" endpoint to minimize the risk of exploitation. Avoid using the length parameter in the affected endpoint until the issue is resolved.