cleantalk
Vulnerabilities and Security Researches

Visualizer: Tables and Charts Manager for WordPress, CVE-2022-2444

CVE, Research URL

CVE-2022-2444

Home page URL

Security reports for Visualizer: Tables and Charts Manager for WordPress

Application

Visualizer: Tables and Charts Manager for WordPress

Published on
Jul 18, 2022
Research Description
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
Affected versions
max 3.7.10.
Status
vulnerable
Previous vulnerability researches
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-1065) , Feb 21, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2024-35736) , Jun 10, 2024
Visualizer: Tables and Charts Manager for WordPress (CVE-2022-2256) , Jun 07, 2024
Visualizer: Tables and Charts Manager for WordPress (CVE-2022-2444) , Jun 07, 2024
New vulnerability
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-10874) , Dec 04, 2025
SM CountDown Widget (CVE-2025-11880) , Nov 14, 2025