Description
Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
Published: 2026-02-19
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Update Plugin
AI Analysis

Impact

A flaw in the Ninja Tables plugin allows the insertion of sensitive information into outgoing data and the retrieval of embedded sensitive data. The vulnerability enables an attacker to expose confidential data and was classified as CWE‑201 Sensitive Data Exposure. It permits the compromising of information confidentiality but does not provide remote code execution or denial of service.

Affected Systems

WordPress installations that use the Ninja Tables plugin, developed by Shahjahan Jewel, version 5.2.5 or earlier are affected. The flaw applies to all releases from the earliest available version through 5.2.5.

Risk and Exploitability

The overall CVSS score is 4.3, indicating moderate risk. The EPSS value is below 1 %, suggesting a low probability of exploitation at present, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is not specified in the description; however, it is inferred that the flaw can be triggered via HTTP requests to the plugin’s endpoints, potentially by anyone who can access the site or by authenticated administrators. The impact is limited to data confidentiality, and there are no known privileges or access control weaknesses beyond those required to exploit the plugin.

Generated by OpenCVE AI on April 16, 2026 at 06:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Ninja Tables plugin to version 5.2.6 or later to remove the exposed data path.
  • If an upgrade cannot be performed immediately, disable the plugin or delete sensitive entries from tables until the update is applied.
  • Reduce the exposure by limiting access to tables to trusted administrators and applying role‑based restrictions on the WordPress dashboard.

Generated by OpenCVE AI on April 16, 2026 at 06:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Shahjahan Jewel
Shahjahan Jewel ninja Tables
Wordpress
Wordpress wordpress
Vendors & Products Shahjahan Jewel
Shahjahan Jewel ninja Tables
Wordpress
Wordpress wordpress

Thu, 19 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5.
Title WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Shahjahan Jewel Ninja Tables
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:14:40.587Z

Reserved: 2026-01-28T09:51:50.022Z

Link: CVE-2026-25008

cve-icon Vulnrichment

Updated: 2026-02-20T16:56:13.377Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T09:16:14.637

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-25008

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:45:16Z

Weaknesses