The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to access the data of another user that are present in the same table by taking over the user permissions on the table through formdata[wdt_ID] parameter. By exploiting this issue an attacker is able to access and manage the data of all users in the same table.
Conclusion & alert: CVE-2021-24197 is rated Moderate Risk (56/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.24%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.38% | 1.24% | +0.86% |
| 2 | 2025-03-30 | 4.18% | 0.38% | -3.80% |
| 3 | 2025-03-29 | — | 4.18% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.1 | 3.1 | HIGH |
|
2.8 | 5.2 | [email protected] |
| 5.5 | 2.0 | MEDIUM |
|
8.0 | 4.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| tms-outsource | wpdatatables | < 3.4.2 | cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:premium:wordpress:*:* |
| URL | Tags |
|---|---|
| https://n4nj0.github.io/advisories/wordpress-plugin-wpdatatables-ii/ | Third Party Advisory |
| https://wpdatatables.com/help/whats-new-changelog/ | Release Notes Vendor Advisory |
| https://wpscan.com/vulnerability/a56c04a4-dda0-4a7f-a525-d0349a1fda2b | Third Party Advisory |