Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-06-17
CVE-2026-2306 - Easy Data Table Builder Plugin
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary Ninja Tables in the database which can lead to database pollution and resource exhaustion.
PLUGIN
Easy Data Table Builder
CVE-2026-2306
Risk Score
Threat Entry
Updated 2025-07-07
CVE-2025-2940 - Easy Data Table Builder Plugin
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
PLUGIN
Easy Data Table Builder
CVE-2025-2940
Risk Score
Threat Entry
Updated 2025-07-10
CVE-2025-2939 - Easy Data Table Builder Plugin
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited.
PLUGIN
Easy Data Table Builder
CVE-2025-2939
Risk Score