What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
Explanation of Vulnerability in Simple Terms
02Summary
Ninja Tables versions up to 5.2.5 expose sensitive information to authenticated users with low privileges. An attacker with a basic user account can read data they should not have access to. The vulnerability requires login credentials but no additional user interaction. Update to a version newer than 5.2.5 to resolve this issue.
What an attacker can do
03Attacker Capabilities
Read sensitive data from the site that should be restricted to higher-privilege users.
Potential impact on your site
04Site Impact
User account data or table contents may be exposed to low-privilege users who should not see them.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site (e.g., subscriber or contributor role).
Key dates
06Disclosure timeline
February 19, 2026
CVE published
April 28, 2026
Record updated