Lucene search
+L

4 matches found

Nuclei
Nuclei
added 11 hours ago74 views

WordPress Visualizer <3.3.1 - Cross-Site Scripting

WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard...

6.1CVSS6.2AI score0.03342EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2025/05/22 4:41 a.m.8 views

CVE-2019-16931

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

6.1CVSS6.5AI score0.03342EPSS
Exploits2References1
NVD
NVD
added 2019/10/03 7:15 p.m.22 views

CVE-2019-16931

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers...

6.1CVSS6.3AI score0.03342EPSS
Exploits2References3
CVE
CVE
added 2019/10/03 6:34 p.m.148 views

CVE-2019-16931

The WordPress Visualizer plugin (versions prior to 3.3.1; affected entry cites 3.3.0) contains a stored XSS via the WP-JSON API endpoint /wp-json/visualizer/v1/update-chart. The root cause is that Block.php registers this endpoint with no access control and Data.php lacks output sanitization, all...

6.1CVSS6.5AI score0.03342EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder