CVE-2026-54825
wpDataTables · wpDataTables
The wpDataTables plugin for WordPress contains an unauthenticated SQL injection vulnerability that enables remote attackers to manipulate database queries.
Executive summary
An unauthenticated SQL injection vulnerability in the wpDataTables plugin poses a critical risk by allowing remote attackers to extract sensitive data from the underlying database.
Vulnerability
This is an unauthenticated SQL injection vulnerability, allowing attackers to perform unauthorized database operations without requiring login credentials or specific user capabilities.
Business impact
With a CVSS score of 9.3, this flaw presents a severe risk to data confidentiality and integrity. Compromise of the database could result in the exposure of personally identifiable information (PII) and unauthorized administrative access, posing significant legal and financial risks to the organization.
Remediation
Immediate Action: Update the wpDataTables plugin to the latest vendor-released version without delay.
Proactive Monitoring: Review database query logs for signs of SQL injection, particularly in queries that can be traced back to unauthenticated requests.
Compensating Controls: Utilize a Web Application Firewall (WAF) to intercept and block malicious SQL injection attempts before they reach the plugin's vulnerable parameters.
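As an added illustration of the monitoring step above (this is example code written for this page, not the plugin's or vendor's own tooling), the following scanner reads MySQL general-log lines and flags statements against the plugin's tables that carry common injection signatures. The log lines are constructed samples, and the wp_wpdatatables* table names are an assumption about the plugin's schema.

```python
import re
from typing import Dict, List

# Constructed sample lines in MySQL general-log layout (not taken from the page).
# The wp_wpdatatables* table names are an assumption about the plugin's schema.
SAMPLE_LOG = """\
2026-01-10T10:00:01Z 12 Query SELECT * FROM wp_wpdatatables WHERE id = 3
2026-01-10T10:00:02Z 12 Query SELECT * FROM wp_wpdatatables WHERE id = 3 UNION SELECT user_login, user_pass, 1 FROM wp_users--
2026-01-10T10:00:03Z 13 Query SELECT * FROM wp_wpdatatables_columns WHERE table_id = 3 AND SLEEP(5)
2026-01-10T10:00:04Z 14 Query SELECT option_value FROM wp_options WHERE option_name = 'siteurl'
2026-01-10T10:00:05Z 15 Query SELECT * FROM wp_wpdatatables WHERE id = '1' OR '1'='1'
2026-01-10T10:00:06Z 16 Query SELECT * FROM wp_wpdatatables WHERE id = 7
"""

LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+Query\s+(?P<sql>.*)$")

# Coarse signatures of well-known injection techniques; tune to reduce noise.
SIGNATURES = [
    ("union-based", re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b", re.I)),
    ("time-based", re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.I)),
    # OR <literal> = <literal>: only numeric or quoted literals on both sides,
    # so a legitimate "OR status = 'active'" does not trigger it.
    ("tautology", re.compile(r"\bOR\b\s*('?\d+'?|'\w+')\s*=\s*('?\d+'?|'\w+')", re.I)),
    ("comment-terminator", re.compile(r"(--\s*$|#\s*$|/\*.*\*/)")),
]

def classify(sql: str) -> List[str]:
    """Return the names of every signature that matches one SQL statement."""
    return [name for name, rx in SIGNATURES if rx.search(sql)]

def scan_general_log(text: str, table_marker: str = "wpdatatables") -> List[Dict]:
    """Flag statements touching the plugin's tables that show injection signs.

    Only statements containing `table_marker` are scored, so unrelated WordPress
    core queries add no noise. Returns one finding per suspicious log line.
    """
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m or table_marker not in m["sql"].lower():
            continue
        hits = classify(m["sql"])
        if hits:
            findings.append({"thread": int(m["thread"]), "ts": m["ts"],
                             "signatures": hits, "sql": m["sql"]})
    return findings

if __name__ == "__main__":
    for f in scan_general_log(SAMPLE_LOG):
        print(f"thread {f['thread']} {f['ts']} {','.join(f['signatures'])}: {f['sql']}")
```

Correlate the flagged thread ids and timestamps with web server access logs to confirm whether the originating request was unauthenticated.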
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the ease of exploitability for unauthenticated SQL injections, this vulnerability should be remediated with the highest priority. Administrators must update the plugin immediately and audit systems for any signs of prior unauthorized access.