VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 19 known issues Latest disclosed Apr 20, 2026

wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Vulnerabilities

Review known vulnerability records for the WordPress plugin wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin (`wpdatatables`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-5721, CVE-2026-28039 and CVE-2024-3820, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
19
High or Critical
9
Patch Coverage
100%
Last Updated
Apr 20, 2026
Priority CVE Quick Links

Fast paths into wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
18
CVE-2024-3820 Critical 6.3.2
CVE-2024-3820 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin SQL Injection

wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection

CVE-2014-9175 Critical 1.5.4
CVE-2014-9175 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin SQL Injection

wpDataTables (Premium) <= 1.5.3 - SQL Injection

CVE-2021-26754 High 3.4.1
CVE-2021-26754 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin SQL Injection

wpDataTables (Premium) <= 3.4 - SQL Injection

CVE-2026-28039 High 6.5.0.2
CVE-2026-28039 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Local File Inclusion

wpDataTables (Premium) <= 6.5.0.1 - Unauthenticated Local File Inclusion

CVE-2021-24198 High 3.4.2
CVE-2021-24198 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Vulnerability

wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Data Deletion

CVE-2021-24197 High 3.4.2
CVE-2021-24197 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Vulnerability

wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Permission Takeover

CVE-2024-3821 High 6.4
CVE-2024-3821 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin Vulnerability

wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

CVE-2019-6012 High 2.0.12
CVE-2019-6012 wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin SQL Injection

wpDataTables Lite plugin <= 2.0.11 - SQL injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
19 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
3 critical and 6 high severity findings.
Recent CVEs
CVE-2026-5721, CVE-2026-28039 and CVE-2024-3820
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-5721
CVE-2026-5721: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is due to insufficient input sanitization and output escaping in the prepareCellOutp...

Published
Apr 20, 2026
Patched Release
6.5.0.5
Affected Versions
Versions up to 6.5.0.4
Next Step
Update to 6.5.0.5 or newer if supported.
Open CVE-2026-5721 Report Open CVE Reference
Plugin High Patched: Yes CVE-2026-28039
CVE-2026-28039: wpDataTables (Premium) <= 6.5.0.1 - Unauthenticated Local File Inclusion

The wpDataTables (Premium) plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 6.5.0.1. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in th...

Published
Mar 03, 2026
Patched Release
6.5.0.2
Affected Versions
Versions up to 6.5.0.1
Next Step
Update to 6.5.0.2 or newer if supported.
Open CVE-2026-28039 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-3820
CVE-2024-3820: wpDataTables - Tables & Table Charts (Premium) <= 6.3.1 - Unauthenticated SQL Injection

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to SQL Injection via the 'id_key' parameter of the wdt_delete_table_row AJAX action in all versions up to, and including, 6.3.1 due to insufficient escaping on the use...

Published
May 31, 2024
Patched Release
6.3.2
Affected Versions
Versions up to 6.3.1
Next Step
Update to 6.3.2 or newer if supported.
Open CVE-2024-3820 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-3821
CVE-2024-3821: wpDataTables - Tables & Table Charts (Premium) <= 6.3.2 - Missing Authorization to DataTable Access & Modification

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the wdt_ajax_actions.php file in all versions up to, and including, 6.3.2. This makes...

Published
May 31, 2024
Patched Release
6.4
Affected Versions
Versions up to 6.3.2
Next Step
Update to 6.4 or newer if supported.
Open CVE-2024-3821 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4895
CVE-2024-4895: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.12 - Unauthenticated Stored Cross-Site Scripting via CSV Import

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escapi...

Published
May 22, 2024
Patched Release
3.4.2.14
Affected Versions
Versions up to 3.4.2.12
Next Step
Update to 3.4.2.14 or newer if supported.
Open CVE-2024-4895 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-0591
CVE-2024-0591: wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 3.4.2.2 - Reflected Cross-Site Scripting.

The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This...

Published
Feb 20, 2024
Patched Release
3.4.2.5
Affected Versions
Versions up to 3.4.2.4
Next Step
Update to 3.4.2.5 or newer if supported.
Open CVE-2024-0591 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-4314
CVE-2023-4314: wpDataTables - Tables & Table Charts <= 2.1.65 - Authenticated(Administrator+) PHP Object Injection

The wpDataTables - Tables & Table Charts plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.65 via deserialization of untrusted input in multiple functions. This allows authenticated attackers with administrator capabilities to inject...

Published
Aug 16, 2023
Patched Release
2.1.66
Affected Versions
Versions before 2.1.66
Next Step
Update to 2.1.66 or newer if supported.
Open CVE-2023-4314 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-23876
CVE-2023-23876: wpDataTables <= 2.1.49 - Authenticated (Contributor+) Stored Cross Site Scripting

The wpDataTables plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above...

Published
Feb 20, 2023
Patched Release
2.1.50
Affected Versions
Versions up to 2.1.49
Next Step
Update to 2.1.50 or newer if supported.
Open CVE-2023-23876 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-29432
CVE-2022-29432: wpDataTables <= 2.1.27 - Authenticated Cross-Site Scripting

Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin

Published
May 06, 2022
Patched Release
2.1.28
Affected Versions
Versions up to 2.1.27
Next Step
Update to 2.1.28 or newer if supported.
Open CVE-2022-29432 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-25618
CVE-2022-25618: wpDataTables – WordPress Tables & Table Charts Plugin <= 2.1.27 - Authenticated (Admin+) Stored Cross-Site Scripting

The wpDataTables plugin

Published
Apr 04, 2022
Patched Release
2.1.28
Affected Versions
Versions up to 2.1.27
Next Step
Update to 2.1.28 or newer if supported.
Open CVE-2022-25618 Report Open CVE Reference
Plugin High Patched: Yes CVE-2021-24198
CVE-2021-24198: wpDataTables (Premium) <= 3.4.1 - Improper Access Control leading to Table Data Deletion

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 has Improper Access Control. A low privilege authenticated user that visits the page where the table is published can tamper the parameters to delete the data of another user that are present in the sa...

Published
Mar 16, 2021
Patched Release
3.4.2
Affected Versions
Versions before 3.4.2
Next Step
Update to 3.4.2 or newer if supported.
Open CVE-2021-24198 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24200
CVE-2021-24200: wpDataTables (Premium) <= 3.4.1 - Blind SQL Injection via length Parameter

The wpDataTables – Tables & Table Charts premium WordPress plugin before 3.4.2 allows a low privilege authenticated user to perform Boolean-based blind SQL Injection in the table list page on the endpoint /wp-admin/admin-ajax.php?action=get_wdtable&table_id=1, on the 'length' HTT...

Published
Mar 16, 2021
Patched Release
3.4.2
Affected Versions
Versions before 3.4.2
Next Step
Update to 3.4.2 or newer if supported.
Open CVE-2021-24200 Report Open CVE Reference