The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8CVSS
4.7AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables β Best Data Table Plugin for WordPress plugin <= 4.3.4 versions.
8.8CVSS
9.2AI Score
0.001EPSS
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions.
5.9CVSS
4.9AI Score
0.0005EPSS