49 matches found

Prion
added 2019/10/03 7:15 p.m. | 18 views

Cross site scripting

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

CVSS 4.3 | AI score 6.2 | EPSS 0.01687
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2019/10/03 6:34 p.m. | 14 views

CVE-2019-16931

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

AI score 6.6 | EPSS 0.01687
Exploits: 2 | References: 3

CVE
added 2019/10/03 6:34 p.m. | 145 views

CVE-2019-16931

The WordPress Visualizer plugin (versions prior to 3.3.1; affected entry cites 3.3.0) contains a stored XSS via the WP-JSON API endpoint /wp-json/visualizer/v1/update-chart. The root cause is that Block.php registers this endpoint with no access control and Data.php lacks output sanitization, all...

CVSS 6.1 | AI score 6.5 | EPSS 0.01687
Exploits: 2 | References: 3 | Affected Software: 1

OSV
added 2019/09/30 4:15 p.m. | 0 views

CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

CVSS 10 | AI score 7.3
Exploits: 0 | References: 3

NVD
added 2019/09/30 4:15 p.m. | 13 views

CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

CVSS 10 | AI score 9.5 | EPSS 0.80844
Exploits: 2 | References: 3

Prion
added 2019/09/30 4:15 p.m. | 17 views

Server side request forgery (ssrf)

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

CVSS 5.8 | AI score 9.4 | EPSS 0.80844
Exploits: 2 | References: 3 | Affected Software: 1

CVE
added 2019/09/30 3:8 p.m. | 101 views

CVE-2019-16932

The CVE-2019-16932 issue affects the WordPress Visualizer plugin prior to 3.3.1, where the /wp-json/visualizer/v1/upload-data endpoint exposes a blind server-side request forgery (SSRF). The vulnerability enables an attacker to send crafted requests and potentially reach internal resources, with ...

CVSS 10 | AI score 9.4 | EPSS 0.80844
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2019/09/30 3:8 p.m. | 14 views

CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

AI score 9.5 | EPSS 0.80844
Exploits: 2 | References: 3

WPVulnDB
added 2019/09/28 12:0 a.m. | 14 views

Visualizer < 3.3.1 - Blind Server-Side Request Forgery (SSRF)

This plugin suffers from a blind SSRF vulnerability in the /wp-json/visualizer/v1/upload-data endpoint. PoC:

    curl -i -s -X $'POST' \
        -H $'Host: 192.168.158.128:8000' \
        --data-binary $'"url":"http://db:3306"' \
        $'http://192.168.158.128:8000/wp-json/visualizer/v1/upload-data'

See the references...

CVSS 5.8 | AI score 1.2 | EPSS 0.80844
Exploits: 2 | References: 1 | Affected Software: 1