Saturday, June 15, 2024

Critical wpDataTables Vulnerability Let Attackers Perform SQL Injection

A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used by WordPress websites to create dynamic tables and charts.

The vulnerability, CVE-2024-3820, allows attackers to perform SQL injection via the ‘id_key’ parameter of the wdt_delete_table_row AJAX action. This flaw affects all versions of the plugin up to and including 6.3.1.

Details of the Vulnerability – CVE-2024-3820

According to the WordFence blogs, the vulnerability arises due to insufficient escaping of user-supplied parameters and insufficient preparation on the existing SQL query.

This allows unauthenticated attackers to append additional SQL queries to already existing queries, potentially extracting sensitive information from the database.

It is important to note that this vulnerability only affects the premium version of the wpDataTables plugin.

Given the critical nature of this vulnerability, it poses a significant risk to websites using the affected versions of the wpDataTables plugin.

All-in-One Cybersecurity Platform for MSPs to provide full breach protection with a single tool, Watch a Full Demo

Attackers exploiting this flaw can gain unauthorized access to sensitive information stored in the database, leading to data breaches, loss of confidential information, and potential damage to the website’s reputation.

Mitigation

Website administrators using the wpDataTables plugin are strongly advised to:

  1. Update the Plugin: Ensure the plugin is updated to the latest version as soon as the developers release a patch.
  2. Monitor for Unusual Activity: Check the website’s logs and database for any unusual activity that could indicate an attempted or successful exploitation.
  3. Implement Web Application Firewalls (WAF): Use a WAF to help detect and block SQL injection attempts.

The discovery of CVE-2024-3820 highlights the importance of regular security audits and updates for WordPress plugins.

Website administrators must remain vigilant and proactive in addressing vulnerabilities to protect their sites from potential attacks.

The wpDataTables plugin developers are expected to release a patch soon, and users are urged to apply it immediately to mitigate the risk.

For more information and updates on this vulnerability, stay tuned to security advisories and the official wpDataTables plugin website.

Get special offers from ANY.RUN Sandbox. Until May 31, get 6 months of free service or extra licenses. Sign up for free.

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles