{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T09:44:19.250","vulnerabilities":[{"cve":{"id":"CVE-2021-24199","sourceIdentifier":"contact@wpscan.com","published":"2021-04-12T14:15:14.930","lastModified":"2024-11-21T05:52:34.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'start' HTTP POST parameter. This allows an attacker to access all the data in the database and obtain access to the WordPress application."},{"lang":"es","value":"El plugin wpDataTables – Tables & Table Charts premium WordPress versiones anteriores a 3.4.2, permite a un usuario autenticado poco privilegiado llevar a cabo una inyección SQL ciega basada en Booleanos en la página de lista de tablas en el endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, en el parámetro HTTP POST \"start\". Esto permite a un atacante acceder a todos los datos de la base de datos y conseguir acceso a la aplicación de 
WordPress"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:*","versionEndExcluding":"3.4.2","matchCriteriaId":"00C79193-0FAF-4101-B078-43245C9012E5"}]}]}],"references":[{"url":"https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/","source":"contact@wpscan.com","tags":["Third Party Advisory"]},{"url":"https://wpdatatables.com/help/whats-new-changelog/","source":"contact@wpscan.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280","source":"contact@wpscan.com","tags":["Third Party Advisory"]},{"url":"https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://wpdatatables.com/help/whats-new-changelog/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://wpscan.com/vulnerability/5c98c2d6-d002-4cff-9d6f-633cb3ec6280","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}