Lucene search
PRIOn knowledge basePRION:CVE-2019-16931HistoryOct 03, 2019 - 7:15 p.m.
Cross site scripting
2019-10-0319:15:00
PRIOn knowledge base
www.prio-n.com
6
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
| CPE | Name | Operator | Version |
|---|---|---|---|
| visualizer | le | 3.3.0 |
Related
nuclei
nuclei
WordPress Visualizer <3.3.1 - Cross-Site Scripting
2022-05-11 06:26:12
nvd
nvd
CVE-2019-16931
2019-10-03 19:15:09
wpexploit
wpexploit
Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
2019-09-28 00:00:00
cve
cve
CVE-2019-16931
2019-10-03 19:15:09
wpvulndb
wpvulndb
Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
2019-09-28 00:00:00
cvelist
cvelist
CVE-2019-16931
2019-10-03 18:34:45
openvas
openvas
WordPress Visualizer Plugin < 3.3.1 Multiple Vulnerabilities
2019-10-02 00:00:00