Sorry, we don't support your browser.  Install a modern browser
This post is closed.

safety issues#511

Subscribe to updates
?

Plugin Name: wpDataTables - Tables & Table Charts
Current Plugin Version: 3.4.2.27
Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “wpDataTables - Tables & Table Charts” until a patched version is available. Get more information.(opens in new tab)
Repository URL: https://wordpress.org/plugins/wpdatatables(opens in new tab)
Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/fbba822b-172f-4167-bccf-4697a298178e?source=plugin(opens in new tab)
Vulnerability Severity: 10.0/10.0 (Critical)

2 years ago

Version: 3.4.2.27 ? Well that’s really old…

From that link you posted:
Vulnerability publicly published: May 31, 2024.
Patched? Yes
Remediation: Update to version 6.3.2, or a newer patched version

Also please see https://wpdatatables.com/help/whats-new-changelog/

So this has been patched about half a year ago, but yes, it was critical.

EDIT: As a premium version user I completely forgot the version numbering of the free version, sorry about that..! However, the below explanation by Stefan should make things clear.

2 years ago
1

Hello,
The vulnerability was found in the full version of wpDataTables v6.3.1, so all PREMIUM versions before that can be affected.

Lite version does not have these functionalities (such as SQL based tables), so Lite version was never affected.

Those reports are not related to the Lite version, but they can be reported in the lite version because the resources where this information about themes or plugins vulnerabilities are stored are generated by the theme or the plugin slug. Those slugs are the same in both lite and the full version, and because of that, you get those notifications.

The important thing is that there’s nothing to worry about. Newer versions of the wpDataTable premium don’t have these issues, and Lite versions never did.

Unfortunately, until wpDataTables Lite goes above version 6.3.1 these reports will indicate a false positive. The lite and the full version have the same slug (wpdatatables), and that’s why the security plugins can’t differentiate between the versions.

I hope this helps.

2 years ago
1

Thank you Stefan for chiming in with a comprehensive answer.

As a premium version user, it seems I managed to completely forget about the version numbering of the Lite version… my apologies to the original poster.

These false positives can be a pain, but it’s true one can never be too careful when security is considered.

(Voting to close, no actual issue anymore nor a feature request.)

2 years ago
1
Changed the status to
Completed
2 years ago
Make a suggestion