Lucene search
K

54 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.8 views

CVE-2026-13468

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00367EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 3:43 a.m.8 views

EUVD-2026-40892

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/01 3:43 a.m.7 views

CVE-2026-13468

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/01 3:43 a.m.35 views

CVE-2026-13468 Visualizer <= 4.0.3 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via /visualizer/v1/action/{chart}/{type}/ REST Endpoint

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

7.5CVSS0.00367EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 3:43 a.m.15 views

CVE-2026-13468

The CVE-2026-13468 affects the WordPress plugin Visualizer – Tables & Charts Manager with Built-in AI Generator, vulnerable in all versions up to 4.0.3. The root cause is missing authorization checks for actions on the plugin’s REST endpoint /wp-json/visualizer/v1/action/{chart}/{type}/, allowing...

7.5CVSS5.6AI score0.00367EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.14 views

CVE-2026-8689

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.6AI score0.00242EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 a.m.17 views

CVE-2026-8689

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS0.00242EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/28 7:43 a.m.15 views

EUVD-2026-32746

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/28 7:43 a.m.9 views

CVE-2026-8689 Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.11 views

CVE-2026-8689

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/28 7:43 a.m.33 views

CVE-2026-8689 Visualizer: Tables and Charts Manager for WordPress <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification via renderChartPages() and uploadData() Functions

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wpajaxvisualizer-create-chart an...

4.3CVSS0.00242EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44219

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.11.14. This is due to a missing capability check on the renderChartPages and uploadData functions, where the wp ajax visualizer-create-chart...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/20 12:54 p.m.41 views

CVE-2026-24573 WordPress Visualizer plugin < 4.0.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle Visualizer allows Stored XSS. This issue affects Visualizer: from n/a before 4.0.0...

6.5CVSS0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:31 a.m.10 views

CVE-2019-16932

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data...

10CVSS6.9AI score0.39137EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/12/12 3:20 a.m.2 views

CVE-2025-13961 Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Data Visualizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'visualize' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS4.7AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/02 9:30 a.m.7 views

EUVD-2025-200201

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References5
NVD
NVD
added 2025/12/02 7:15 a.m.6 views

CVE-2025-12483

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

6.5CVSS0.00258EPSS
Exploits0References4
CVE
CVE
added 2025/12/02 6:40 a.m.19 views

CVE-2025-12483

The vulnerability CVE-2025-12483 affects the Visualizer: Tables and Charts Manager for WordPress plugin. It is an authenticated SQL Injection via the query parameter in all versions up to 3.11.12, due to insufficient escaping and query preparation, enabling attackers with Contributor-level access...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/02 6:40 a.m.5 views

CVE-2025-12483 Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

6.5CVSS6.1AI score0.00258EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/02 6:40 a.m.14 views

CVE-2025-12483 Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

6.5CVSS0.00258EPSS
Exploits0References4
Rows per page
Query Builder