CVE-2021-24198

8.1 HIGH

📋 TL;DR

This vulnerability in the wpDataTables WordPress plugin allows authenticated users with low privileges to delete other users' data from shared tables by tampering with URL parameters. It affects WordPress sites using vulnerable versions of the wpDataTables premium plugin. Attackers can exploit this to delete all user data within affected tables.

💻 Affected Systems

Products:
  • wpDataTables - Tables & Table Charts (WordPress plugin)
Versions: All versions before 3.4.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the premium version of the plugin. Requires the plugin to be installed and tables to be published on pages accessible to authenticated users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

All user data in vulnerable tables is deleted, causing data loss, service disruption, and potential compliance violations.

🟠 Likely Case

Targeted deletion of specific users' data, leading to data integrity issues and potential business impact.

🟢 If Mitigated

No impact if proper access controls are implemented or the vulnerability is patched.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, and authenticated users can exploit this remotely.
🏢 Internal Only: MEDIUM - Internal users with low privileges could still exploit this if they have access to the WordPress site.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but with low privileges. Attack involves tampering with id_key and id_val parameters in URLs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.2

Vendor Advisory: https://wpdatatables.com/help/whats-new-changelog/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the wpDataTables plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.4.2+ from wpdatatables.com and update manually.

🔧 Temporary Workarounds

Temporary Access Restriction

Platform: all

Restrict access to pages containing wpDataTables tables to only trusted users until patching.

Plugin Deactivation

Platform: linux

Temporarily deactivate the wpDataTables plugin if immediate patching isn't possible.

wp plugin deactivate wpdatatables

🧯 If You Can't Patch

  • Implement strict access controls to limit which users can view pages containing wpDataTables tables
  • Monitor and audit user activity on pages with wpDataTables tables for suspicious parameter manipulation

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for wpDataTables version. If version is below 3.4.2, the site is vulnerable.

Check Version:

wp plugin get wpdatatables --field=version

Verify Fix Applied:

After updating, verify the wpDataTables plugin version is 3.4.2 or higher in the WordPress plugins page.
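A small script for checking the installed version against the 3.4.2 fix across many sites, added here as an example (not code from the advisory's author or from the wpDataTables project). It wraps the wp-cli command the advisory shows and compares versions as numeric tuples rather than strings, so that 3.4.10 is correctly treated as newer than 3.4.2. The fallback sample versions and the "wp" binary path are assumptions.

```python
"""Check whether an installed wpDataTables version is below the 3.4.2 fix.
Added example; not the project's own code.  The wp-cli invocation is the one
the advisory lists; everything else is an assumption for illustration."""
import subprocess

FIXED_VERSION = (3, 4, 2)  # first fixed release per the advisory


def parse_version(text):
    """'3.4.10' -> (3, 4, 10).  Parsing stops at the first component that is
    not a plain integer, so a pre-release tag such as '3.4.2-rc1' compares as
    (3, 4, 0) and is conservatively treated as still vulnerable."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if not parts:
        raise ValueError(f"unparseable version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_vulnerable(version_text):
    """True when the version is strictly below the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def installed_version(wp_binary="wp", site_path=None):
    """Ask wp-cli for the installed plugin version (command from the advisory).
    `site_path` adds --path=... so the check can be run from outside the docroot."""
    cmd = [wp_binary, "plugin", "get", "wpdatatables", "--field=version"]
    if site_path:
        cmd.append(f"--path={site_path}")
    result = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return result.stdout.strip()


if __name__ == "__main__":
    try:
        versions = {"this site": installed_version()}
    except (FileNotFoundError, subprocess.CalledProcessError):
        # wp-cli not available here: fall back to constructed sample values.
        versions = {"site-a": "3.4.1", "site-b": "3.4.2", "site-c": "3.4.10"}
    for site, ver in versions.items():
        state = "VULNERABLE" if is_vulnerable(ver) else "patched"
        print(f"{site}: wpDataTables {ver} -> {state}")
```

Run it from a shell that can reach wp-cli for each site, or import `is_vulnerable` into an inventory script that already collects plugin versions.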

📡 Detection & Monitoring

Log Indicators:

  • Unusual DELETE operations in WordPress or database logs
  • Multiple failed parameter validation attempts on pages with wpDataTables

Network Indicators:

  • HTTP requests to wpDataTables endpoints with manipulated id_key/id_val parameters

SIEM Query:

source="wordpress.log" AND ("wpdatatables" AND ("id_key" OR "id_val")) AND status=200
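The log and network indicators above can be turned into a concrete check over web-server access logs. The following script is an added example (not the advisory's or the plugin project's code): it parses combined-format access log lines, keeps requests to pages known to render wpDataTables tables that carry an id_key or id_val parameter, and then flags a client that requests several distinct id_val values against the same page, which is the pattern of reaching into other users' rows rather than a user viewing their own. The page list, the log lines and the threshold are constructed assumptions.

```python
"""Flag id_key / id_val parameter use on wpDataTables pages in access logs.
Added example; not code from the advisory or the wpDataTables project.
All sample log lines below are constructed, not real traffic."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: the operator lists the site paths that render wpDataTables tables.
TABLE_PAGES = {"/members/", "/orders/"}

# Constructed sample lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - alice [10/Mar/2021:12:00:01 +0000] "GET /members/?id_key=user_id&id_val=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - alice [10/Mar/2021:12:00:02 +0000] "GET /members/?id_key=user_id&id_val=43 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - alice [10/Mar/2021:12:00:03 +0000] "GET /members/?id_key=user_id&id_val=44 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - bob [10/Mar/2021:12:01:00 +0000] "GET /members/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.2 - bob [10/Mar/2021:12:01:05 +0000] "GET /about/?id_val=1 HTTP/1.1" 404 300 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query)
    rec["status"] = int(rec["status"])
    return rec


def find_id_param_requests(log_text):
    """Return records for requests to table pages that carry id_key or id_val."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] not in TABLE_PAGES:
            continue
        if "id_key" in rec["query"] or "id_val" in rec["query"]:
            hits.append(rec)
    return hits


def find_id_val_sweeps(hits, threshold=3):
    """Group hits by (client IP, authenticated user, page) and return the groups
    that used `threshold` or more distinct id_val values on one page."""
    seen = defaultdict(set)
    for rec in hits:
        for val in rec["query"].get("id_val", []):
            seen[(rec["ip"], rec["user"], rec["path"])].add(val)
    return {key: sorted(vals) for key, vals in seen.items() if len(vals) >= threshold}


if __name__ == "__main__":
    hits = find_id_param_requests(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ip']} {rec['user']} {rec['method']} {rec['path']} "
              f"{rec['query']} -> {rec['status']}")
    for (ip, user, path), vals in find_id_val_sweeps(hits).items():
        print(f"ALERT {ip} ({user}) used {len(vals)} distinct id_val values on {path}: {vals}")
```

Point `find_id_param_requests` at a real access log and tune `TABLE_PAGES` and the threshold to the site; a single id_val on a page a user is entitled to view is normal, so the per-client sweep count is the more useful alert than the raw parameter match.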
