Ninja Tables
Moderate fix1 remedy
cpe:2.3:a:wpmanageninja:ninja_tables:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- <= 5.2.6
Ninja Tables WordPress Plugin Missing Authorization Vulnerability Allows Arbitrary Table Creation
Vulnerability
Patched
A vulnerability exists in the Ninja Tables – Easy Data Table Builder plugin for WordPress, specifically in versions through 5.2.6. The issue arises from inadequate authorization checks in the 'createFluentCartTable' function, allowing authenticated attackers with Subscriber-level access or higher to create arbitrary tables in the database. This could result in database pollution and resource exhaustion.
Impact
Exploitation of this vulnerability allows for unauthorized creation of database tables, which can lead to resource exhaustion and potential disruption of service.
Reproduction
To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can send a request to the 'wp_ajax_ninja_table_fluentcart_create_table' action. This request must include a 'post_title' parameter, which is required for table creation. Once the request is processed, a new Ninja Table will be created in the database, regardless of the user's authorization level.
Remediation
Users are advised to update the Ninja Tables WordPress plugin to version 5.2.7 or later.
Added: May 6, 2026, 6:19 AM
Updated: May 6, 2026, 6:19 AM
Vulnerability Rating
Custom Algorithm
spread
3.4impact
0.6exploitability
6.4remediation
7.7relevance
7.6threat
4.8urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.