CVE-2022-46848
WordPress Visualizer Plugin <= 3.9.1 is vulnerable to Cross Site Scripting (XSS)
In short
The WordPress Visualizer plugin version 3.9.1 and earlier allows authenticated users with contributor privileges to inject malicious scripts that get stored and executed in other users' browsers. This can compromise site security and user data.
Technical detail
Authenticated Stored XSS vulnerability in Visualizer plugin affecting versions ≤3.9.1, exploitable by users with contributor-level permissions or higher. Malicious script payloads are persisted in the database and executed client-side when accessed by other users, potentially leading to session hijacking, credential theft, or privilege escalation.
Summary generated and translated by AI from the official description.
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Affected products
Themeisle · Visualizer: Tables and Charts Manager for WordPress