CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35635 – WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-35635
30 May 2024 — Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9. Vulnerabilidad de Server-Side Request Forgery (SSRF) en WPManageNinja LLC Ninja Tables. Este problema afecta a Ninja Tables: desde n/a hasta 5.0.9. The Ninja Tables – Easiest Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.9. This makes it possible for authenticated attackers, with Administra... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-plugin-5-0-9-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23504 – WordPress Ninja Tables plugin <= 5.0.5 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-23504
19 Jan 2024 — Missing Authorization vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.5. Vulnerabilidad de autorización faltante en WPManageNinja LLC Ninja Tables. Este problema afecta a Ninja Tables: desde n/a hasta 5.0.5. The Ninja Tables plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the defaultExport() and dragAndDropExport() functions in versions up to, and including, 5.0.5. This makes it possible for unauthenticated ... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-plugin-5-0-5-broken-access-control-vulnerability-2?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47136 – WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47136
20 Apr 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. The Ninja Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.4. This is due to missing or incorrect nonce validation on the remindMeLater function. This makes it possible for unauthenticated attackers to dismiss an admin notice via a forged request granted they can trick a site administrator into performi... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-best-data-table-plugin-for-wordpress-plugin-4-3-4-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47137 – WordPress Ninja Tables Plugin <= 4.3.4 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-47137
19 Apr 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. The Ninja Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 4.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an ... • https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-best-data-table-plugin-for-wordpress-plugin-4-3-4-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24900 – Ninja Tables < 4.1.8 - Admin+ Stored Cross-Site Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24900
25 Oct 2021 — The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Ninja Tables de WordPress versiones anteriores a 4.1.8, no sanea ni escapa de algunos de sus campos table, que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando la capacidad unfiltered_html está deshab... • https://packetstormsecurity.com/files/164632 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •