CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in all versions up to, and including, 5.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary Ninja Tables in the database which can lead to database pollution and resource exhaustion.
Explanation of Vulnerability in Simple Terms
Ninja Tables version 5.2.6 and earlier contains an authorization bypass that allows authenticated users to modify table data they should not have access to. An attacker with a low-privilege account can change table contents without proper permission checks. The vulnerability affects the plugin's core data-handling functionality and requires an active user account to exploit.
What an attacker can do
Modify table data in ways their account permissions should not allow.
Potential impact on your site
Unauthorized users can alter or corrupt table content, potentially affecting site data integrity and user trust.
Conditions required to exploit
Attacker must have a low-privilege user account on the WordPress site.
Key dates
External resources
Related vulnerabilities
