cleantalk
Vulnerabilities and Security Researches

Ninja Tables – Best Data Table Plugin for WordPress, CVE-2025-2939

CVE, Research URL

CVE-2025-2939

Home page URL

Security reports for Ninja Tables – Best Data Table Plugin for WordPress

Application

Ninja Tables – Best Data Table Plugin for WordPress

Published on
Jun 03, 2025
Research Description
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited.
Affected versions
Min -, max 5.0.19.
Status
vulnerable
Previous vulnerability researches
WPBakery Page Builder Addons by Livemesh (CVE-2024-30183) , Jun 07, 2024
WPBakery Page Builder Addons by Livemesh (b0af4c0e7ff387a5f71e14f8b5059a141fd5b7b9) , Jun 07, 2024
WPBakery Page Builder Addons by Livemesh (CVE-2023-50370) , Jun 07, 2024
WPBakery Page Builder Addons by Livemesh (CVE-2024-2079) , Jun 07, 2024
WPBakery Page Builder Addons by Livemesh (CVE-2024-43320) , Aug 20, 2024
New vulnerability
Wordapp (CVE-2025-30927) , Jun 15, 2025
Restrict File Access (CVE-2025-6070) , Jun 15, 2025
Booking Ultra Pro Appointments Booking Calendar Plugin (CVE-2025-30637) , Jun 15, 2025
Free WP Mail SMTP (Official – 2019) (CVE-2025-28974) , Jun 15, 2025
Pay with Contact Form 7 (CVE-2025-24772) , Jun 15, 2025