Okay
  Public Ticket #3781036
The Plugin "wpDataTables - Tables & Table Charts" has a security vulnerability.
Open

Comments

  • rich started the conversation

    Hello,

    Currently im testing the free version of your wpDataTables, which looks great.  Unfortunetoy theres a major issue in the plugin -

    The Plugin "wpDataTables - Tables & Table Charts" has a security vulnerability.
    Type: Plugin Vulnerable
    Issue Found 09/12/2024 11:09 am
    Critical
    Ignore

        Details

        Plugin Name: wpDataTables - Tables & Table Charts
        Current Plugin Version: 3.4.2.34
        Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "wpDataTables - Tables & Table Charts" until a patched version is available. Get more information. (opens in new tab)
        Repository URL: https://wordpress.org/plugins/wpdatatables (opens in new tab)
        Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/fbba822b-172f-4167-bccf-4697a298178e?source=plugin (opens in new tab)
        Vulnerability Severity: 10.0/10.0 (Critical)

    Can this be fixed?  Thanks


  •  1,845
    Miloš replied

    Hello,
    As we can see from the report, it states that vulnerability was found in the premium version of wpDataTables version 6.3.1, so that premium version and the ones before that can be affected.

    The Lite version of our Plugin does not have these functionalities (such as SQL based tables), so Lite version was never affected.
    Those reports are not related to the Lite version, but they can be reported in the lite version because the resources where this information about themes or plugins vulnerabilities are stored are generated by the theme or the plugin slug. Those slugs are the same in both lite and the full version, and because of that, you get those notifications.

    The important thing is that there’s nothing to worry about. Newer versions of the wpDataTable premium don’t have these issues, ( the latest one at the time of this reply is 6.7.1) and our Lite plugin versions never did.

    4246932876.png

    Unfortunately, until wpDataTables Lite goes above version 6.3.1 these reports will indicate a false positive. The lite and the full version have the same slug (wpdatatables), and that’s why the security plugins can’t differentiate between the versions.

    I hope this helps, let us know if anything is unclear.

    Thank you.

    Kind Regards, 

    Miloš Jovanović
    [email protected]

    Rate my support

    wpDataTables: FAQ | Facebook | Twitter | InstagramFront-end and back-end demo | Docs

    Amelia: FAQ | Facebook | Twitter | InstagramAmelia demo sites | Docs | Discord Community

    You can try wpDataTables add-ons before purchasing on these sandbox sites:

    Powerful Filters | Gravity Forms Integration for wpDataTables | Formidable Forms Integration for wpDataTables | Master-Detail Tables