Hello,
Thank you for reaching out.
We can confirm that CVE-2026-49080 only affected the Premium version of wpDataTables 7.4 and was fixed in Premium version 7.4.1.
The free wpDataTables Lite versions (including 6.5.0.9) do not include the SQL-related functionality involved in this vulnerability, so this issue does not apply to Lite installations.
Security scanners and security plugins may flag all versions of a plugin family based on the plugin name and CVE record, even when the affected functionality exists only in specific editions. This can result in false-positive warnings for Lite users.
Please let us know if you have any additional questions.
Kind regards,
wpDataTables Support Team
Hi here,
Thank you for the clarification.
We found that our vulnerability database contained incorrect affected-version metadata for CVE-2026-49080. This caused wpDataTables Lite 6.5.0.9 to be flagged incorrectly.
We have corrected the record on our side, so this warning should no longer be triggered for wpDataTables Lite installations after the next database sync or scan refresh.
Sorry for the inconvenience, and thank you for bringing this to our attention.
Kind regards,
CleanTalk Team
Hello Dmitrii,
Thank you for investigating this and for the update.
We appreciate you confirming that the warning was caused by incorrect affected-version metadata in the vulnerability database and that the record has now been corrected.
If anything else comes up, don’t hesitate to open a new post.
Kind regards,
wpDataTables Support Team