wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

Wordfence Intelligence   >   Vulnerability Database   >   wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification
7.3
Missing Authorization
CVE CVE-2024-3821
CVSS 7.3 (High)
Publicly Published May 31, 2024
Last Updated October 30, 2025
Researcher villu164

Description

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes it possible for unauthenticated attackers to manipulate data tables. Please note this only affects the premium version of the plugin.

References

Share

Vulnerability Details for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Software Type Plugin
Software Slug wpdatatables (view on wordpress.org)
Patched? Yes
Remediation Update to version 6.4, or a newer patched version
Affected Version
  • <= 6.3.2
Patched Version
  • 6.4

Recent vulnerabilities in wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

wpDataTables (Premium) <= 7.3.6 - Unauthenticated SQL Injection
7.5
CVE-2026-49080
Jun 8, 2026
Researcher: Bonds
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import
4.7
CVE-2026-5721
Apr 20, 2026
Researcher: Lio
wpDataTables (Premium) <= 6.5.0.1 - Unauthenticated Local File Inclusion
8.1
CVE-2026-28039
Mar 3, 2026
Researcher: Nguyen Xuan Chien
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import
4.7
CVE-2024-4895
May 22, 2024
Researcher: Tim Coen
wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting.
6.1
CVE-2024-0591
Feb 20, 2024
Researcher: stealthcopter
wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection
6.6
CVE-2023-4314
Aug 16, 2023
Researcher: Jonatas Souza Villa Flor
wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting
6.4
CVE-2023-23876
Feb 20, 2023
Researcher: Rafshanzani Suhada
wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting
5.5
CVE-2022-29432
May 6, 2022
Researcher: R3N0
wpDataTables Lite plugin <= 2.0.11 - SQL injection
7.2
CVE-2019-6012
Oct 16, 2019
Researcher: Gen Sato
wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting
6.1
CVE-2019-6011
Oct 16, 2019
Researcher: Gen Sato
# Title CVE ID CVSS Researchers Date
1 wpDataTables (Premium) <= 7.3.6 - Unauthenticated SQL Injection CVE-2026-49080 7.5 Bonds June 8, 2026
2 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import CVE-2026-5721 4.7 Lio April 20, 2026
3 wpDataTables (Premium) <= 6.5.0.1 - Unauthenticated Local File Inclusion CVE-2026-28039 8.1 Nguyen Xuan Chien March 3, 2026
4 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import CVE-2024-4895 4.7 Tim Coen May 22, 2024
5 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting. CVE-2024-0591 6.1 stealthcopter February 20, 2024
6 wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection CVE-2023-4314 6.6 Jonatas Souza Villa Flor August 16, 2023
7 wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting CVE-2023-23876 6.4 Rafshanzani Suhada February 20, 2023
8 wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting CVE-2022-29432 5.5 R3N0 May 6, 2022
9 wpDataTables Lite plugin <= 2.0.11 - SQL injection CVE-2019-6012 7.2 Gen Sato October 16, 2019
10 wpDataTables Lite plugin <= 2.0.11 - Cross-Site Scripting CVE-2019-6011 6.1 Gen Sato October 16, 2019
View more vulnerabilities in this software package View more vulnerabilities

This record contains material that is subject to copyright.

Copyright 2012-2026 Defiant Inc.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more.

Copyright 1999-2026 The MITRE Corporation

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more.

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation