CVE-2021-26754

Name of the Vulnerable Software and Affected Versions wpDataTables versions prior to 3.4.1

Description The issue is related to how wpDataTables handles order direction for server-side tables, leading to a SQL injection. This can be exploited through the "admin-ajax.php?action=get wdtable" endpoint, specifically by manipulating the order[0][dir] parameter.

Recommendations For versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin-ajax.php?action=get wdtable" endpoint or avoiding the use of the order[0][dir] parameter in this endpoint until the update is applied.