49 matches found
WordPress Visualizer Plugin <= 3.10.15 is vulnerable to SQL Injection
Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.10.15; Fixed in: 3.11.0; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-3750; Patch priority: High; CVSS severity: High 8.8; PSID: 6418115de830; Credits: Krzysztof Zając; Required privilege: Subscriber...
Visualizer < 3.10.6 - Reflected Cross-Site Scripting
Description The Visualizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
WordPress Visualizer Plugin <= 3.10.5 is vulnerable to Cross Site Scripting (XSS)
Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.10.5; Fixed in: 3.10.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-27958; Patch priority: Low; CVSS severity: Low 7.1; PSID: c3450277a0c7; Credits: stealthcopter; Required privilege...
VulnCheck KEV: CVE-2019-16932
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...
CVE-2023-23708 WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions...
WordPress plugin Visualizer cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-46848 WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions...
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)
Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.9.4; Fixed in: 3.9.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23708; Patch priority: Low; CVSS severity: Low 6.5; PSID: d0daddcc471b; Credits: Rafshanzani Suhada; Required...
Visualizer < 3.9.2 - Contributor+ Stored XSS
The plugin does not sanitise and escape some parameters in the renderChartPages function, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)
Software: Visualizer; Type: Plugin; Vulnerable versions: <= 3.9.1; Fixed in: 3.9.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2022-46848; Patch priority: Low; CVSS severity: Low 6.5; PSID: 5d57cada7c6d; Credits: Muhammad Daffa; Required...
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
Deserialization of untrusted data
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
WordPress plugin Visualizer code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Visualizer plugin <= 3.7.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Visualizer plugin versions <= 3.7.6. Solution: Update the WordPress Visualizer plugin to the latest available version (at least 3.7.7)...
Visualizer < 3.7.7 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting. PoC: https://example.com/wp-admin/admin-ajax.php?action=visualizer-edit-chart=yes=6190=visualizer"...
CVE-2020-2236
The CVE-2020-2236 entry concerns Jenkins’ Yet Another Build Visualizer Plugin. Versions 1.11 and earlier are vulnerable to stored XSS because tooltip content is not escaped, exploitable by users with Run/Update permission. The issue is addressed by updating to version 1.12 or later, which escapes...
WordPress Visualizer Server-Side Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Visualizer plugin is a chart management plugin used in it. A server-side request forgery vulnerability exists in WordPress Visualizer...
CVE-2019-16931
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...