CVE-2025-2940

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Configurations

No configuration.

History

30 Jun 2025, 18:38

Type Values Removed Values Added
Summary
  • (es) El complemento Ninja Tables – Easy Data Table Builder para WordPress es vulnerable a server-side request forgery en todas las versiones hasta la 5.0.18 incluida, a través del parámetro args[url]. Esto permite a atacantes no autenticados realizar solicitudes web a ubicaciones arbitrarias desde la aplicación web y utilizarlas para consultar y modificar información de servicios internos.

27 Jun 2025, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-06-27 09:15

Updated : 2025-06-30 18:38


NVD link : CVE-2025-2940

Mitre link : CVE-2025-2940

CVE.ORG link : CVE-2025-2940


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)