Stephen P

As far as I can see, the new vulnerability is with the Premium edition (and fixed in the latest). But there is a confusion with the Lite edition due to the unfortunate version numbering (see above).

Here is what the Wordfence Vulnerability Database has for all editions of the plugin:
https://www.wordfence.com/threat-intel/vulnerabilities/search?search=wpdatatables

The problem is that the Lite and Premium version use the same slug (wpdatatables) but different version numbering. As a result the Lite version 3.4.2.17 appears vulnerable ion scans when in fact it’s the Premium version 6.3.1 and older that is vulnerable.

The solution is to use different slugs (pretty much impossible at this late stage), or to align the version numbering of the Lite and Premium plugins. Aligned version numbering should be pretty easy to implement if the TMS-Plugins has to will do do so.