{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25008", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:51:50.022Z", "datePublished": "2026-02-19T08:26:52.281Z", "dateUpdated": "2026-04-28T16:14:53.276Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ninja-tables", "product": "Ninja Tables", "vendor": "Shahjahan Jewel", "versions": [{"changes": [{"at": "5.2.6", "status": "unaffected"}], "lessThanOrEqual": "5.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "theviper17 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:58.220Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.<p>This issue affects Ninja Tables: from n/a through <= 5.2.5.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:53.276Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/ninja-tables/vulnerability/wordpress-ninja-tables-plugin-5-2-5-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T16:56:51.744046Z", "id": "CVE-2026-25008", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:45:00.729Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25008", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:51:50.022Z", "datePublished": "2026-02-19T08:26:52.281Z", "dateUpdated": "2026-04-28T12:45:00.729Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "ninja-tables", "product": "Ninja Tables", "vendor": "Shahjahan Jewel", "versions": [{"changes": [{"at": "5.2.6", "status": "unaffected"}], "lessThanOrEqual": "5.2.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "theviper17 | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-28T13:26:35.194Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.<p>This issue affects Ninja Tables: from n/a through <= 5.2.5.</p>"}], "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5."}], "impacts": [{"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "Retrieve Embedded Sensitive Data"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-201", "description": "Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:48.275Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/ninja-tables/vulnerability/wordpress-ninja-tables-plugin-5-2-5-sensitive-data-exposure-vulnerability?_s_id=cve"}], "title": "WordPress Ninja Tables plugin <= 5.2.5 - Sensitive Data Exposure vulnerability"}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25008", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T16:56:51.744046Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T16:56:13.377Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Retrieve Embedded Sensitive Data.This issue affects Ninja Tables: from n/a through <= 5.2.5."}, {"lang": "es", "value": "Inserci\u00f3n de Informaci\u00f3n Sensible en Datos Enviados vulnerabilidad en Shahjahan Jewel Ninja Tables ninja-tables permite Recuperar Datos Sensibles Incrustados. Este problema afecta a Ninja Tables: desde n/a hasta &lt;= 5.2.5."}], "id": "CVE-2026-25008", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:14.637", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/ninja-tables/vulnerability/wordpress-ninja-tables-plugin-5-2-5-sensitive-data-exposure-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.2.5]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "5.2.6"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Ninja Tables", "source": "cna", "vendor": "Shahjahan Jewel"}, "product": "ninja_tables", "vendor": "shahjahan_jewel"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T06:39:08.721339+00:00", "value": {"mitigation_remediation": ["Upgrade the Ninja Tables plugin to version\u202f5.2.6 or later to remove the exposed data path.", "If an upgrade cannot be performed immediately, disable the plugin or delete sensitive entries from tables until the update is applied.", "Reduce the exposure by limiting access to tables to trusted administrators and applying role\u2011based restrictions on the WordPress dashboard."], "summary": {"action": "Update Plugin", "impact": "Sensitive Data Exposure"}, "threat_synthesis": {"affected_systems": "WordPress installations that use the Ninja Tables plugin, developed by Shahjahan Jewel, version 5.2.5 or earlier are affected. The flaw applies to all releases from the earliest available version through 5.2.5.", "description_and_impact": "A flaw in the Ninja Tables plugin allows the insertion of sensitive information into outgoing data and the retrieval of embedded sensitive data. The vulnerability enables an attacker to expose confidential data and was classified as CWE\u2011201 Sensitive Data Exposure. It permits the compromising of information confidentiality but does not provide remote code execution or denial of service.", "risk_and_exploitability": "The overall CVSS score is 4.3, indicating moderate risk. The EPSS value is below 1\u202f%, suggesting a low probability of exploitation at present, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is not specified in the description; however, it is inferred that the flaw can be triggered via HTTP requests to the plugin\u2019s endpoints, potentially by anyone who can access the site or by authenticated administrators. The impact is limited to data confidentiality, and there are no known privileges or access control weaknesses beyond those required to exploit the plugin."}}}}, "created": "2026-02-20T10:11:06.857265+00:00", "updated": "2026-04-16T06:45:16.315520+00:00", "vendors": ["shahjahan_jewel", "shahjahan_jewel$PRODUCT$ninja_tables", "wordpress", "wordpress$PRODUCT$wordpress"]}