cleantalk
Vulnerabilities and Security Researches

Visualizer: Tables and Charts Manager for WordPress, CVE-2019-16931

CVE, Research URL

CVE-2019-16931

Home page URL

Security reports for Visualizer: Tables and Charts Manager for WordPress

Application

Visualizer: Tables and Charts Manager for WordPress

Published on
Oct 04, 2019
Research Description
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
Affected versions
max 3.3.1.
Status
vulnerable
Previous vulnerability researches
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-1065) , Feb 21, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2024-35736) , Jun 10, 2024
Visualizer: Tables and Charts Manager for WordPress (CVE-2022-2256) , Jun 07, 2024
Visualizer: Tables and Charts Manager for WordPress (CVE-2022-2444) , Jun 07, 2024
New vulnerability
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-10874) , Dec 04, 2025
SM CountDown Widget (CVE-2025-11880) , Nov 14, 2025