CVE-2025-2940

Name of the Vulnerable Software and Affected Versions: The Ninja Tables – Easy Data Table Builder plugin for WordPress versions up to, and including, 5.0.18

Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application. This can be used to query and modify information from internal services via the args[url] parameter.

Recommendations: For versions up to, and including, 5.0.18, consider disabling access to the args[url] parameter until a patch is available to prevent Server-Side Request Forgery attacks.