What is the CVSS score of EUVD-2025-19379?

EUVD-2025-19379 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N. EPSS exploitation probability: 0.2%.

Which versions of Ninja Tables are affected by EUVD-2025-19379?

Organizations using for WordPress is vulnerable to Server-Side Request Forgery in all face moderate risk from CVE-2025-2940, a server-side request forgery vulnerability rated CVSS 7.2.. A patch is available.

How to fix or mitigate EUVD-2025-19379?

Within 7 days: Identify all affected systems running for WordPress is vulnerable to Server-Side Request Forgery i and apply vendor patches promptly. Implement egress filtering and URL validation for server-side requests.

Ninja Tables EUVD-2025-19379

| CVE-2025-2940 HIGH

Server-Side Request Forgery (SSRF) (CWE-918)

2025-06-27 security@wordfence.com

WordPress SSRF Ninja Tables PHP

7.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 16, 2026 - 00:16 euvd

EUVD-2025-19379

Analysis Generated

Mar 16, 2026 - 00:16 vuln.today

Patch released

Mar 16, 2026 - 00:16 nvd

Patch available

CVE Published

Jun 27, 2025 - 09:15 nvd

HIGH 7.2

DescriptionCVE.org

The Ninja Tables - Easy Data Table Builder plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.18 via the args[url] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Analysis

Technical ContextAI

Server-Side Request Forgery allows an attacker to induce the server to make HTTP requests to arbitrary destinations, including internal services. This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918).

RemediationAI

A vendor patch is available — apply it immediately. Validate and whitelist allowed URLs and IP ranges. Block requests to internal/private IP ranges. Use network segmentation to limit server-side request scope.

EUVD-2025-19379 vulnerability details – vuln.today

Back

Ninja Tables EUVD-2025-19379

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code