Ninja Tables
by WordPress
Source repositories
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-69351 | Hig | 0.55 | 8.5 | 0.00 | Jan 6, 2026 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4. | ||
| CVE-2025-67519 | Hig | 0.49 | 7.6 | 0.00 | Dec 9, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.3. | ||
| CVE-2022-47137 | Med | 0.38 | 5.9 | 0.00 | May 10, 2023 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. | ||
| CVE-2021-24900 | Med | 0.31 | 4.8 | 0.01 | Feb 1, 2022 | The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | ||
| CVE-2026-2306 | Med | 0.28 | 4.3 | 0.00 | May 6, 2026 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for… | ||
| CVE-2026-25008 | Med | 0.28 | 4.3 | 0.00 | Feb 19, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5. | ||
| CVE-2022-47136 | Med | 0.28 | 4.3 | 0.00 | May 25, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | ||
| CVE-2025-2940 | 0.00 | — | 0.00 | Jun 27, 2025 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary… | |||
| CVE-2025-2939 | 0.00 | — | 0.00 | Jun 3, 2025 | The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to… | |||
| CVE-2024-12772 | 0.00 | — | 0.00 | Jan 31, 2025 | The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability. | |||
| CVE-2024-7304 | 0.00 | — | 0.00 | Aug 27, 2024 | The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for… | |||
| CVE-2024-23504 | 0.00 | — | 0.00 | Jun 14, 2024 | Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. | |||
| CVE-2024-23503 | 0.00 | — | 0.00 | Jun 11, 2024 | Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6. | |||
| CVE-2024-35635 | 0.00 | — | 0.00 | Jun 3, 2024 | Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9. |
- risk 0.55cvss 8.5epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.3.
- risk 0.38cvss 5.9epss 0.00
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions.
- risk 0.31cvss 4.8epss 0.01
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
- risk 0.28cvss 4.3epss 0.00
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
- risk 0.28cvss 4.3epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions.
- CVE-2025-2940Jun 27, 2025risk 0.00cvss —epss 0.00
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary…
- CVE-2025-2939Jun 3, 2025risk 0.00cvss —epss 0.00
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to…
- CVE-2024-12772Jan 31, 2025risk 0.00cvss —epss 0.00
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
- CVE-2024-7304Aug 27, 2024risk 0.00cvss —epss 0.00
The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2024-23504Jun 14, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5.
- CVE-2024-23503Jun 11, 2024risk 0.00cvss —epss 0.00
Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.6.
- CVE-2024-35635Jun 3, 2024risk 0.00cvss —epss 0.00
Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9.