CVE-2024-13566: 
WordPress vulnerability analysis and mitigation

The WP DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'id' parameter in versions up to and including 0.2.6. This vulnerability was discovered and reported by zaim via Wordfence, with the fix being released in version 0.2.7 on January 31, 2025 (WordPress Plugin).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 6.4 (Medium), and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N. The vulnerability stems from insufficient input sanitization and output escaping of the 'id' parameter (NVD).

This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses an affected page, potentially leading to data theft, session hijacking, or other client-side attacks (NVD).

Users are strongly advised to update to WP DataTable version 0.2.7 or later, which contains the fix for this vulnerability. The update was released on January 31, 2025, and addresses the XSS vulnerability by implementing proper input sanitization (WordPress Plugin).