CVE Catalog

CVE-2026-54825

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Summary

The wpDataTables plugin in versions 7.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.

Risk Assessment

The risk includes sensitive data leakage, modification or deletion of database records, and potential server compromise.

Recommendation

Immediately update the wpDataTables plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin or apply WAF rules to block suspicious SQL queries.

Original NVD description (English source)

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS