CVE-2022-29432

Name of the Vulnerable Software and Affected Versions wpDataTables plugin versions <= 2.1.27

Description The issue concerns Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via the &data-link-text, &data-link-url, &data, &data-shortcode, and &data-star-num vulnerable parameters. The vulnerabilities require an authenticated user with an administrator or higher user role.

Recommendations For wpDataTables plugin versions <= 2.1.27, update to a version higher than 2.1.27 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters &data-link-text, &data-link-url, &data, &data-shortcode, and &data-star-num until a patch is available.