CVE-2019-16931: XSS
First published: Thu Oct 03 2019(Updated: )
A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. This occurs because classes/Visualizer/Gutenberg/Block.php registers wp-json/visualizer/v1/update-chart with no access control, and classes/Visualizer/Render/Page/Data.php lacks output sanitization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeisle Visualizer | <=3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16931?
CVE-2019-16931 is a stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress that allows an attacker to execute arbitrary JavaScript when editing the chart via the admin dashboard.
How does CVE-2019-16931 affect WordPress?
CVE-2019-16931 affects WordPress installations that have the Visualizer plugin version 3.3.0 installed.
What is the severity of CVE-2019-16931?
The severity of CVE-2019-16931 is medium, with a CVSS score of 6.1.
How can I check if I am affected by CVE-2019-16931?
You are affected by CVE-2019-16931 if you have the Visualizer plugin version 3.3.0 installed on your WordPress site.
How can I fix CVE-2019-16931?
To fix CVE-2019-16931, update the Visualizer plugin to a version that is not affected by the vulnerability.
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/themeisle
- canonical/themeisle visualizer
- version/themeisle visualizer/3.3.0