PT-2026-33857 · WordPress · Wpdatatables

Published: 2026-04-20 · Updated: 2026-04-26 · CVE-2026-5721

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin versions prior to 6.5.0.5

Description
Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping in the prepareCellOutput() function of the LinkWDTColumn, ImageWDTColumn, and EmailWDTColumn classes. Unauthenticated attackers can inject arbitrary web scripts into pages. Exploitation requires that an Administrator is tricked into importing data from an attacker-controlled source and that the affected column types (Link, Image, or Email) are configured; the injected scripts then execute when a user accesses the page.

Recommendations
Update the plugin to a version later than 6.5.0.4.
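
Added example, not the plugin's code: one way a cell renderer for Link, Image and Email column types can validate and escape imported values before output. The helper names (h, safe_url, render_link_cell, render_image_cell, render_email_cell) and the sample rows are assumptions constructed for illustration, written in plain PHP rather than with WordPress escaping functions.

```php
<?php
// Added illustration: hypothetical helpers, not wpDataTables code.

// Escape a value for HTML text and for quoted attribute values.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; javascript:, data: and the like are rejected.
function safe_url(string $raw): ?string {
    $url = trim($raw);
    if (preg_match('/[\x00-\x20\x7f]/', $url)) return null; // whitespace or control chars
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme)) return null;                    // relative or malformed
    return in_array(strtolower($scheme), ['http', 'https'], true) ? $url : null;
}

// Each renderer falls back to escaped plain text when validation fails.
function render_link_cell(string $cell): string {
    $url = safe_url($cell);
    if ($url === null) return h($cell);
    return '<a href="' . h($url) . '" rel="noopener">' . h($url) . '</a>';
}

function render_image_cell(string $cell): string {
    $url = safe_url($cell);
    return $url === null ? h($cell) : '<img src="' . h($url) . '" alt="">';
}

function render_email_cell(string $cell): string {
    $addr = filter_var(trim($cell), FILTER_VALIDATE_EMAIL);
    if ($addr === false) return h($cell);
    return '<a href="mailto:' . h($addr) . '">' . h($addr) . '</a>';
}

// Constructed sample rows standing in for data imported from an external source.
$rows = [
    ['link',  'https://example.com/report?id=1&v=2'],
    ['link',  'javascript:alert(1)'],
    ['image', 'https://example.com/a.png" onerror="alert(1)'],
    ['email', 'user@example.com'],
    ['email', '"><script>alert(1)</script>'],
];
foreach ($rows as [$type, $value]) {
    $render = "render_{$type}_cell";
    echo str_pad($type, 6), $render($value), PHP_EOL;
}
```

Only the first and fourth rows produce markup; the other three are emitted as escaped text, so nothing from the imported value reaches the page as an attribute or element.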

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-5721

Affected Products

Wpdatatables