CVE-2014-9175

wpDataTables <1.5.3 - SQL Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9175. PoCs published by Claudio Viviani.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in WordPress wpDataTables 1.5.3 and below, where the 'table_id' parameter is not sanitized. The PoC includes a URL for manual testing and a sqlmap command for automated exploitation.

Description

SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.

Exploits (1)

exploitdb WORKING POC
by Claudio Viviani · text · webapps · php
https://www.exploit-db.com/exploits/35340

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: WordPress wpDataTables <= 1.5.3
No auth needed
Prerequisites: Access to the target WordPress site · wpDataTables plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0474
EPSS Percentile: 90.7%

Details

CWE: CWE-89
Status: published
Products (1): wpdatatables/wpdatatables < 1.5.3
Published: Dec 02, 2014
Tracked Since: Feb 18, 2026