Hey there, Awesome Customers!
Just a heads up: We'll be taking a breather to celebrate International Workers' Day (May 1st and 2nd - Wednesday and Thursday) and Orthodox Easter from Good Friday (May 3rd) through Easter Monday (May 6th). So, from May 1st to May 6th, our team will be off enjoying some well-deserved downtime.
During this time, our customer support will be running on a smaller crew, but don't worry! We'll still be around to help with any urgent matters, though it might take us a bit longer than usual to get back to you.
We'll be back in action at full throttle on May 7th (Tuesday), ready to tackle your questions and requests with gusto!
In the meantime, you can explore our documentation for Amelia and wpDataTables. You'll find loads of helpful resources, including articles and handy video tutorials on YouTube (Amelia's YouTube Channel and wpDataTables' YouTube Channel). These gems might just have the answers you're looking for while we're kicking back.
Thanks a bunch for your understanding and support!
Catch you on the flip side!
Warm regards,
TMS
Hi!
we noticed that we can easily bypass any and all security feature of wordpress once we have access to a publicly readable table.
We can only substitue the ID by a new ID and we have access to the table, and bypassing wordpress security :-(
This is a major security threat to our web site.
Would it be possible for WPdatatable to generate and use GUID (UUID) instead of sequential digits as table descriptor?
Thanks!
Hello Yves
Thanks for pointing this out to us.
Unfortunately, I'm not quite sure how to reproduce the issue.
Can you, please explain in a bit more detail, and I will forward it to our development team for testing.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables
Hi!
we can use wp-admin/admin-ajax.php?action=get_wdtable&table_id=13 or wp-admin/admin-ajax.php?action=get_wdtable&table_id=XXX
which will give us the content of any table.
FYI: we will open a CVE on 2020.03.20 to disclose this vulnerability.
Thanks!
Yves
Thank you Yves
Our developers checked this out, and it turns out it happens only for Server-Side tables. They will work on resolving the issue as soon as possible.
Once again - thank you for pointing that out to us! Much appreciated.
Kind Regards,
Aleksandar Vuković
[email protected]
Rate my support
wpDataTables: FAQ | Facebook | Twitter | Instagram | Front-end and back-end demo | Docs
Amelia: FAQ | Facebook | Twitter | Instagram | Amelia demo sites | Docs | Discord Community
You can try wpDataTables add-ons before purchasing on these sandbox sites:
Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables