CVE Catalog
CVE-2026-54825
CriticalCVSS 9.3Summary
The wpDataTables plugin in versions 7.4 and earlier contains an unauthenticated SQL injection vulnerability. An attacker can remotely execute arbitrary SQL queries, leading to unauthorized database access.
Risk Assessment
The risk includes sensitive data leakage, modification or deletion of database records, and potential server compromise.
Recommendation
Immediately update the wpDataTables plugin to the latest available version that fixes this vulnerability. If an update is not possible, temporarily disable the plugin or apply WAF rules to block suspicious SQL queries.
Original NVD description (English source)
Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

