{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T08:34:05.475","vulnerabilities":[{"cve":{"id":"CVE-2025-2939","sourceIdentifier":"security@wordfence.com","published":"2025-06-03T03:15:27.137","lastModified":"2025-07-10T14:20:31.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited."},{"lang":"es","value":"El complemento Ninja Tables – Easy Data Table Builder para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 5.0.18 incluida, mediante la deserialización de entradas no confiables del parámetro args[callback]. Esto permite a atacantes no autenticados inyectar un objeto PHP. La presencia adicional de una cadena POP permite a los atacantes ejecutar funciones arbitrarias, aunque no permite parámetros proporcionados por el usuario; solo se pueden invocar funciones individuales, por lo que el impacto es limitado."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wpmanageninja:ninja_tables:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"5.0.19","matchCriteriaId":"293115CD-8B07-4174-B9D0-B52CE7E4A80A"}]}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.18/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L399","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/browser/ninja-tables/tags/5.0.19/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L399","source":"security@wordfence.com","tags":["Product"]},{"url":"https://plugins.trac.wordpress.org/browser/ninja-tables/trunk/vendor/wpfluent/framework/src/WPFluent/Http/Client.php#L399","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/8e38553d-5dba-4c84-95f7-43420245c770?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}