CVE-2026-25008 MEDIUM

CVE-2026-25008: WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability

Vendor Shahjahan Jewel
Product Ninja Tables
Weakness CWE-201
Published February 19, 2026
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.

Explanation of Vulnerability in Simple Terms

02Summary

Ninja Tables versions up to 5.2.5 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 5.2.5 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Read sensitive data from the site that should be restricted to higher-privilege users.

Potential impact on your site

04Site Impact

User account data or table contents may be exposed to low-privilege users who should not see them.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the site (e.g., subscriber or contributor role).

Key dates

06Disclosure timeline

February 19, 2026 CVE published
April 28, 2026 Record updated