- Description
- The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 2.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity
- HIGH
- security@wordfence.com
- CWE-918
- Hype score
- Not currently trending
CVE-2025-2940 Server-Side Request Forgery in Ninja Tables WordPress Plugin Versions Below 5.0.19 https://t.co/IjodJM3Ag4
@VulmonFeeds
27 Jun 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2940 The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[u… https://t.co/Ay1m74WJOw
@CVEnew
27 Jun 2025
352 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wpmanageninja:ninja_tables:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "293115CD-8B07-4174-B9D0-B52CE7E4A80A",
"versionEndExcluding": "5.0.19"
}
],
"operator": "OR"
}
]
}
]