Description
WordPress Plugin Visualizer: Tables and Charts Manager for WordPress is prone to multiple vulnerabilities, including cross-site scripting (XSS) and server-side request forgery (SSRF). An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, or to make the vulnerable server perform port scanning of hosts in internal or external networks; other attacks are also possible. WordPress Plugin Visualizer: Tables and Charts Manager for WordPress version 3.3.0 is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 3.3.1 or the latest version.
References
https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
https://www.webarxsecurity.com/wordpress-vulnerability-news-september-2019/
https://plugins.svn.wordpress.org/visualizer/trunk/readme.txt