The WP-DB-Table-Editor plugin used in WordPress can be accessed and changed by unauthorized users, leading to potential loss or changes in data. This is because the plugin does not require a default capability for the ‘dbte_render’ function, making it possible for attackers with contributor access or higher to modify database tables that the theme is using the plugin to edit.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
