CVE-2024-3820 in wpDataTables Puts 70,000 WordPress Sites at Risk

Bar Refael

June 3, 2024

A critical security vulnerability has been discovered in wpDataTables, a popular WordPress plugin used for creating tables and charts. The flaw, tracked as CVE-2024-3820 and rated with a maximum severity score of 10 (CVSS 10), allows attackers to inject malicious SQL code and potentially gain unauthorized access to sensitive data on WordPress sites using the premium version of the plugin.

Vulnerability Overview

  • CVE: CVE-2024-3820
  • Severity: CVSS 10
  • Affected Plugin: wpDataTables (versions up to and including 6.3.1)
  • Description: Insufficient input validation and improper sanitization of the ‘id_key’ parameter in the wdt_delete_table_row AJAX action allow SQL injection.
  • Impact: Data breaches, website defacement, account takeover.
  • Discovery: Security researcher villu164

Technical Details

The vulnerability is caused by a lack of proper input sanitization and parameter binding in SQL queries within the plugin, specifically in the ‘id_key’ parameter of the wdt_delete_table_row AJAX action. This allows attackers to craft and execute malicious SQL queries, bypassing security measures and manipulating or extracting data from the underlying database.

Impact

The widespread use of wpDataTables, with over 70,000 installations, means that the potential impact of this vulnerability is significant. Exploitation can lead to:

  1. Data Breaches: Attackers could steal confidential data, exposing customer information, proprietary data, or financial records.
  2. Website Defacement: Malicious actors could manipulate website content or redirect visitors to harmful websites.
  3. Account Takeover: If user credentials are stored in the database, attackers could gain unauthorized access to WordPress accounts and potentially control websites.

Mitigation and Recommendations

Immediate Actions:

  1. Update wpDataTables: Users should immediately update to the patched version 6.3.2 to mitigate the vulnerability.
  2. Monitor for Indicators of Compromise (IoCs): Implement monitoring to detect any signs of SQL injection attempts or unauthorized access.
  3. Enhance Security Measures: Ensure proper input validation and parameter binding in all SQL queries to prevent similar vulnerabilities.

Indicators of Compromise (IoCs):

  • Monitor database logs for suspicious SQL queries.
  • Check for unexpected changes in data or website content.
  • Look for unauthorized user accounts or changes in user roles.

CVE-2024-3820 represents a critical threat to WordPress sites using wpDataTables. Immediate action to update the plugin and enhance security measures is essential to protect sensitive data and maintain website integrity. Continuous monitoring for signs of exploitation is recommended to ensure early detection and response to potential attacks.

Stay Secure. Stay Informed.

OP Innovate Research Team.

Under Cyber Attack?

Fill out the form and we will contact you immediately.

Get OP Innovate CTI Alerts

Leave your email and get critical updates and alerts straight to your inbox