Back to search
CVE-2019-16931
Published: Oct 3, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://wordpress.org/plugins/visualizer/#developers
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9893
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now