Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network REST request (AV:N/AC:L/PR:N/UI:N) reads confidential non-public chart data with no write or availability effect, so C:H, I:N, A:N.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Visualizer - Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to access and export the contents of any visualizer chart on the site - including charts in draft, private, pending, future, or trash status - as CSV, Excel, or HTML via the /wp-json/visualizer/v1/action/{chart}/{type}/ REST endpoint. This bypass is particularly impactful because the standard WordPress REST endpoint for the non-public 'visualizer' custom post type correctly enforces capability checks and returns HTTP 401 to unauthenticated callers, whereas this plugin-registered route circumvents that protection entirely.
Articles & Coverage 1
AnalysisAI
{chart}/{type}/ REST route. The plugin route skips the capability checks that WordPress's core REST endpoint for this non-public custom post type enforces (which correctly returns HTTP 401), exposing otherwise-restricted data. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only that the target WordPress site runs the Visualizer plugin at version 4.0.3 or earlier with the visualizer/v1 REST route reachable - the default state for the plugin. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High) reflects a network-reachable, low-complexity, unauthenticated read of high-value confidential data with no integrity or availability impact - consistent with the description of unauthenticated data export. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker enumerates chart post IDs and issues GET requests to https://victim-site/wp-json/visualizer/v1/action/{chart}/csv/ (or /excel/ or /html/), retrieving the exported contents of charts regardless of whether they are published, draft, private, pending, scheduled, or trashed. Because the route requires no authentication and low complexity (AV:N/AC:L/PR:N/UI:N), the attacker can script bulk harvesting of every chart's underlying data. … |
| Remediation | Upgrade the Visualizer plugin to a version released after 4.0.3 that contains the authorization fix - the input data confirms all versions through 4.0.3 are vulnerable but does not name an exact fixed version, so treat this as 'patch available per vendor advisory; released patched version not independently confirmed' and consult the Wordfence advisory (https://www.wordfence.com/threat-intel/vulnerabilities/id/45dbcc5e-2746-4a55-a1d1-a7c67fa2950e?source=cve) and the plugin changelog for the fixed release before updating. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
24-hour: Inventory all WordPress installations using the affected plugin; disable or remove if operationally feasible; review web server logs for the vulnerable endpoint access patterns. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40892
GHSA-m84g-2mgp-69wx