cleantalk
Vulnerabilities and Security Researches

Ninja Tables – Best Data Table Plugin for WordPress, CVE-2025-2939

CVE, Research URL

CVE-2025-2939

Home page URL

Security reports for Ninja Tables – Best Data Table Plugin for WordPress

Application

Ninja Tables – Best Data Table Plugin for WordPress

Published on
Jun 03, 2025
Research Description
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited.
Affected versions
max 5.0.19.
Status
vulnerable
Previous vulnerability researches
Ninja Tables – Best Data Table Plugin for WordPress (CVE-2024-12772) , Feb 01, 2025
Ninja Tables – Best Data Table Plugin for WordPress (CVE-2025-2939) , Jun 14, 2025
Ninja Tables – Best Data Table Plugin for WordPress (CVE-2025-2940) , Jul 02, 2025
Ninja Tables – Best Data Table Plugin for WordPress (CVE-2024-23503) , Jul 10, 2024
Ninja Tables – Best Data Table Plugin for WordPress (CVE-2024-23504) , Jun 10, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025