WordPress Plugin Vulnerabilities

Ninja Tables – Easy Data Table Builder < 5.2.6 - Authenticated (Contributor+) Information Exposure

Description

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
ninja-tables
Fixed in 5.2.6

References

CVE
CVE-2026-25008
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/baee1bba-c531-4a6a-8e4d-5c44e3d7e84f

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
2.7 (Low)

Miscellaneous

Original Researcher
theviper17
Verified
No
WPVDB ID
3891458c-3331-4c38-ab36-835e4780e29e

Timeline

Publicly Published
2026-01-18 (about 5 months ago)
Added
2026-05-04 (about 1 month ago)
Last Updated
2026-05-04 (about 1 month ago)

Other

Published
Title
Published
2024-06-27
Title
TrustedLogin Vendor < 1.1.1 - Unauthenticated Information Disclosure
Published
2023-11-23
Title
WordPress Job Board and Recruitment Plugin – JobWP < 2.2 - Sensitive Information Exposure
Published
2025-03-11
Title
NEX-Forms – Ultimate Form Builder – Contact forms and much more < 8.8.2 - Unauthenticated Sensitive Information Exposure
Published
2026-04-01
Title
W3 Total Cache < 2.9.4 - Unauthenticated Security Token Exposure via User-Agent Header
Published
2026-03-22
Title
ReviewX < 2.2.12 - Unauthenticated Information Exposure and Data Manipulation