CVE-2024-3820

Name of the Vulnerable Software and Affected Versions wpDataTables (Premium) versions up to and including 6.3.1

Description The issue is related to insufficient protection of SQL query structure, allowing remote attackers to execute arbitrary SQL queries via the id key parameter of the wdt delete table row AJAX action. This vulnerability can be exploited to extract sensitive information from the database. It is estimated that around 70,000 WordPress sites are potentially affected.

Recommendations For versions up to and including 6.3.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the wdt delete table row AJAX action to minimize the risk of exploitation. Avoid using the id key parameter in the affected AJAX endpoint until the issue is resolved.