VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 13 known issues Latest disclosed May 05, 2026

Ninja Tables – Easy Data Table Builder Vulnerabilities

Review known vulnerability records for the WordPress plugin Ninja Tables – Easy Data Table Builder (`ninja-tables`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-2306, CVE-2026-25008 and CVE-2025-69351, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
13
High or Critical
1
Patch Coverage
100%
Last Updated
May 05, 2026
Related Security Guides

Use these guides while reviewing Ninja Tables – Easy Data Table Builder fixes

Pair this plugin vulnerability hub with practical WordPress hardening, scanner, and patch workflow guidance.

Hardening
WordPress hardening checklist for exposed plugins

Review patch cadence, privileged access, XML-RPC exposure, backups, and monitoring controls.
Plugin Security
WordPress plugin security basics for patch decisions

Use ownership, update testing, least privilege, and removal criteria to reduce plugin risk.
Scanning
WordPress vulnerability scanner buyer's guide

Compare scanner coverage for plugin CVEs, version detection, alert noise, and remediation workflow.
Patch Decision Workflow

How to prioritize Ninja Tables – Easy Data Table Builder remediation

Use the hub as a decision layer before opening individual records: confirm whether the issue has a CVE, whether a fixed version exists, and whether the affected range overlaps production installs.

Search-Ready Records
13
1. Match the Package
Confirm the installed WordPress plugin slug is ninja-tables before acting on any CVE from this cluster.
2. Sort by Severity
Start with 1 high or critical record, then review medium and unrated findings with public references.
3. Check Patch Evidence
13 records include a patch path; verify compatibility before closing the finding.
4. Monitor Gaps
0 records still lack a listed fixed release, so keep this hub in the review queue.
High-Signal Remediation Targets
CVE-2025-2940 High
Server-Side Request Forgery remediation for Ninja Tables – Easy Data Table Builder

Affected range: Versions up to 5.0.18. Fixed version: 5.0.19.

CVE-2025-69351 Medium
SQL Injection remediation for Ninja Tables – Easy Data Table Builder

Affected range: Versions up to 5.2.4. Fixed version: 5.2.5.

CVE-2024-7304 Medium
File Upload remediation for Ninja Tables – Easy Data Table Builder

Affected range: Versions up to 5.0.12. Fixed version: 5.0.13.

CVE-2025-2939 Medium
Remote Code Execution remediation for Ninja Tables – Easy Data Table Builder

Affected range: Versions up to 5.0.18. Fixed version: 5.0.19.

Priority CVE Quick Links

Fast paths into Ninja Tables – Easy Data Table Builder CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
13
Tracked CVE Issue Type Affected Versions Fixed Version CVSS
CVE-2025-2940
Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Reque...
 Server-Side Request Forgery Versions up to 5.0.18 5.0.19 CVSS 7.2
CVE-2025-69351
Ninja Tables <= 5.2.4 - Authenticated (Contributor+) SQL Injection
 SQL Injection Versions up to 5.2.4 5.2.5 CVSS 6.5
CVE-2024-7304
Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored...
 File Upload Versions up to 5.0.12 5.0.13 CVSS 6.4
CVE-2025-2939
Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Inject...
 Remote Code Execution Versions up to 5.0.18 5.0.19 CVSS 5.6
CVE-2024-35635
Ninja Tables – Easiest Data Table Builder <= 5.0.9 - Authenticated (Admin+) Server-S...
 Server-Side Request Forgery Versions up to 5.0.9 5.0.10 CVSS 5.5
CVE-2024-23504
Ninja Tables <= 5.0.5 - Missing Authorization
 Vulnerability Versions up to 5.0.5 5.0.6 CVSS 5.3
CVE-2025-67519
Ninja Tables <= 5.2.3 - Authenticated (Administrator+) SQL Injection
 SQL Injection Versions up to 5.2.3 5.2.4 CVSS 4.9
CVE-2021-24900
Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting
 Cross-Site Scripting Versions up to 4.1.7 4.1.8 CVSS 4.8
CVE-2025-2940 High 5.0.19
CVE-2025-2940 Ninja Tables – Easy Data Table Builder Server-Side Request Forgery

Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery

CVE-2025-69351 Medium 5.2.5
CVE-2025-69351 Ninja Tables – Easy Data Table Builder SQL Injection

Ninja Tables <= 5.2.4 - Authenticated (Contributor+) SQL Injection

CVE-2024-7304 Medium 5.0.13
CVE-2024-7304 Ninja Tables – Easy Data Table Builder File Upload

Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

CVE-2025-2939 Medium 5.0.19
CVE-2025-2939 Ninja Tables – Easy Data Table Builder Remote Code Execution

Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution

CVE-2024-35635 Medium 5.0.10
CVE-2024-35635 Ninja Tables – Easy Data Table Builder Server-Side Request Forgery

Ninja Tables – Easiest Data Table Builder <= 5.0.9 - Authenticated (Admin+) Server-Side Request Forgery

CVE-2024-23504 Medium 5.0.6
CVE-2024-23504 Ninja Tables – Easy Data Table Builder Vulnerability

Ninja Tables <= 5.0.5 - Missing Authorization

CVE-2025-67519 Medium 5.2.4
CVE-2025-67519 Ninja Tables – Easy Data Table Builder SQL Injection

Ninja Tables <= 5.2.3 - Authenticated (Administrator+) SQL Injection

CVE-2021-24900 Medium 4.1.8
CVE-2021-24900 Ninja Tables – Easy Data Table Builder Cross-Site Scripting

Ninja Tables <= 4.1.7 - Admin+ Stored Cross-Site Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters tracked records for Ninja Tables – Easy Data Table Builder so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2026-2306, CVE-2026-25008 and CVE-2025-69351
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Ninja Tables – Easy Data Table Builder

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-2306
CVE-2026-2306: Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated...

Published
May 05, 2026
Patched Release
5.2.7
Affected Versions
Versions up to 5.2.6
Next Step
Update to 5.2.7 or newer if supported.
Review CVE-2026-2306 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2026-25008
CVE-2026-25008: Ninja Tables – Easy Data Table Builder <= 5.2.5 - Authenticated (Contributor+) Information Exposure

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or c...

Published
Jan 18, 2026
Patched Release
5.2.6
Affected Versions
Versions up to 5.2.5
Next Step
Update to 5.2.6 or newer if supported.
Review CVE-2026-25008 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-69351
CVE-2025-69351: Ninja Tables <= 5.2.4 - Authenticated (Contributor+) SQL Injection

The Ninja Tables plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

Published
Jan 07, 2026
Patched Release
5.2.5
Affected Versions
Versions up to 5.2.4
Next Step
Update to 5.2.5 or newer if supported.
Review CVE-2025-69351 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-67519
CVE-2025-67519: Ninja Tables <= 5.2.3 - Authenticated (Administrator+) SQL Injection

The Ninja Tables plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 5.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attacker...

Published
Dec 15, 2025
Patched Release
5.2.4
Affected Versions
Versions up to 5.2.3
Next Step
Update to 5.2.4 or newer if supported.
Review CVE-2025-67519 fixed version details Open CVE Reference
Plugin High Patched: Yes CVE-2025-2940
CVE-2025-2940: Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated Server-Side Request Forgery

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...

Published
Jun 26, 2025
Patched Release
5.0.19
Affected Versions
Versions up to 5.0.18
Next Step
Update to 5.0.19 or newer if supported.
Review CVE-2025-2940 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-2939
CVE-2025-2939: Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to in...

Published
Jun 02, 2025
Patched Release
5.0.19
Affected Versions
Versions up to 5.0.18
Next Step
Update to 5.0.19 or newer if supported.
Review CVE-2025-2939 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12772
CVE-2024-12772: Ninja Tables – Easy Data Table <= 5.0.16 - Authenticated (Admin+) Stored Cross-Site Scripting

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attacker...

Published
Jan 09, 2025
Patched Release
5.0.17
Affected Versions
Versions up to 5.0.16
Next Step
Update to 5.0.17 or newer if supported.
Review CVE-2024-12772 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-7304
CVE-2024-7304: Ninja Tables – Easiest Data Table Builder <= 5.0.12 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 5.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...

Published
Aug 26, 2024
Patched Release
5.0.13
Affected Versions
Versions up to 5.0.12
Next Step
Update to 5.0.13 or newer if supported.
Review CVE-2024-7304 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-35635
CVE-2024-35635: Ninja Tables – Easiest Data Table Builder <= 5.0.9 - Authenticated (Admin+) Server-Side Request Forgery

The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbi...

Published
May 30, 2024
Patched Release
5.0.10
Affected Versions
Versions up to 5.0.9
Next Step
Update to 5.0.10 or newer if supported.
Review CVE-2024-35635 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-23504
CVE-2024-23504: Ninja Tables <= 5.0.5 - Missing Authorization

The Ninja Tables plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the defaultExport() and dragAndDropExport() functions in versions up to, and including, 5.0.5. This makes it possible for unauthenticated attackers to export table data...

Published
Jan 19, 2024
Patched Release
5.0.6
Affected Versions
Versions up to 5.0.5
Next Step
Update to 5.0.6 or newer if supported.
Review CVE-2024-23504 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-47136
CVE-2022-47136: Ninja Tables <= 4.3.4 - Cross-Site Request Forgery

The Ninja Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.4. This is due to missing or incorrect nonce validation on the remindMeLater function. This makes it possible for unauthenticated attackers to dismiss an admin...

Published
Apr 20, 2023
Patched Release
4.3.5
Affected Versions
Versions up to 4.3.4
Next Step
Update to 4.3.5 or newer if supported.
Review CVE-2022-47136 fixed version details Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-47137
CVE-2022-47137: Ninja Tables <= 4.3.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

The Ninja Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-le...

Published
Apr 19, 2023
Patched Release
4.3.5
Affected Versions
Versions up to 4.3.4
Next Step
Update to 4.3.5 or newer if supported.
Review CVE-2022-47137 fixed version details Open CVE Reference