{"id":64255,"date":"2025-06-03T08:32:23","date_gmt":"2025-06-03T05:02:23","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-2939-wordpress-ninja-tables-php-object-injection\/"},"modified":"2025-06-03T08:32:23","modified_gmt":"2025-06-03T05:02:23","slug":"cve-2025-2939-wordpress-ninja-tables-php-object-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-2939-wordpress-ninja-tables-php-object-injection\/","title":{"rendered":"CVE-2025-2939 &#8211; WordPress Ninja Tables PHP Object Injection"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-2939<br \/>\n<br \/>\n<strong>Published : <\/strong> June 3, 2025, 3:15 a.m. | 1\u00a0hour, 14\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute arbitrary functions, though it does not allow user supplied parameters only single functions can be called so the impact is limited.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 5.6 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-2939 Published : June 3, 2025, 3:15 a.m. | 1\u00a0hour, 14\u00a0minutes ago Description : The Ninja Tables \u2013 Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the args[callback] parameter . This makes it &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-64255","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=64255"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/64255\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=64255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=64255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=64255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}