CVE-2021-26754

CVE-2021-26754

EPSS 4.6%

wpDataTables before 3.4.1 mishandles order direction for server-side tables, aka admin-ajax.php?action=get_wdtable order[0][dir] SQL injection.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-i/https://wordpress.org/plugins/wpdatatables/#developers https://wpdatatables.com/help/whats-new-changelog/