PT-2026-37343 · WordPress · Ninja Tables
Published: 2026-05-06 · Updated: 2026-05-06
CVE-2026-2306
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Ninja Tables – Easy Data Table Builder versions prior to 5.2.7
Description
The plugin is susceptible to unauthorized database table creation because of missing authorization checks in the createFluentCartTable() function. Authenticated attackers with Subscriber-level access or higher can create arbitrary tables in the database, potentially resulting in resource exhaustion and database pollution.
Recommendations
Update the plugin to a version later than 5.2.6.
As a temporary workaround, restrict access to the createFluentCartTable() function to prevent unauthorized users from triggering it.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ninja Tables