Vulnerability Details CVE-2025-2940
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v3 Score 7.2
References
- https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.18/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L268
- https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.19/vendor/wpfluent/framework/src/WPFluent/Http/Client.php
- https://plugins.trac.wordpress.org/browser/ninja-tables/trunk/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L268
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3269692%40ninja-tables&new=3269692%40ninja-tables&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/02480559-be5c-4d23-9e62-bb76fafb4f42?source=cve
Products affected by CVE-2025-2940
-
cpe:2.3:a:wpmanageninja:ninja_tables:-
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.1.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.1.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.2.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.3.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.5.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.8.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.8.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.8.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.8.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.9.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.9.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.9.7
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.9.8
-
cpe:2.3:a:wpmanageninja:ninja_tables:1.9.9
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.0.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.0.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.0.8
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.0.9
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.1.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.1.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.2.6
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.3.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.3.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.3.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.4.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:2.4.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.0.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.0.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.0.6
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.1.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.2.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.2.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.2.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.3.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.3.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.4.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.4.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.4.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.10
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.11
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.12
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.7
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.8
-
cpe:2.3:a:wpmanageninja:ninja_tables:3.5.9
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.0.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.0.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.0.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.11
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.12
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.13
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.14
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.6
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.7
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.8
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.1.9
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.2.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.2.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.2.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.2.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:4.3.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.0
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.1
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.10
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.11
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.12
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.13
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.17
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.2
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.3
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.4
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.5
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.6
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.7
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.8
-
cpe:2.3:a:wpmanageninja:ninja_tables:5.0.9