CVE-2024-2019

HIGH

WP-DB-Table-Editor <1.8.4 - Info Disclosure

Title source: llm

Description

The WP-DB-Table-Editor plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to lack of a default capability requirement on the 'dbte_render' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with contributor access and above, to modify database tables that the theme has been configured to use the plugin to edit.

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/browser/wp-db-table-editor/trunk/db-table-editor.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/2d044e0a-a956-4319-985d-6a9a276daf49?source=cve

Scores

CVSS v3 7.5

EPSS 0.0038

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-284

Status published

Products (1)

bobbysmith007/WP-DB-Table-Editor < 1.8.4

Published Jun 04, 2024

Tracked Since Feb 18, 2026