Skip to main content

Visualizer

7 CVEs product

Monthly

CVE-2026-24573 MEDIUM PATCH This Month

Stored XSS in the Themeisle Visualizer WordPress plugin (all versions before 4.0.0) allows an authenticated low-privileged user to inject persistent malicious scripts into chart or visualization content. When a victim user subsequently views the affected page, the injected script executes in their browser within a changed scope (S:C), meaning impact extends beyond the attacker's own session to other users. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network-accessible vector make this straightforward to abuse on sites with open or loosely controlled contributor registration.

XSS Visualizer
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-35736 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Visualizer
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-27958 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.10.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Visualizer
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23708 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Visualizer
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-2444 HIGH PATCH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress Visualizer
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.7%
CVE-2019-16931 MEDIUM POC This Month

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Visualizer
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2019-16932 CRITICAL POC THREAT Act Now

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Visualizer
NVD
CVSS 3.1
10.0
EPSS
39.1%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Stored XSS in the Themeisle Visualizer WordPress plugin (all versions before 4.0.0) allows an authenticated low-privileged user to inject persistent malicious scripts into chart or visualization content. When a victim user subsequently views the affected page, the injected script executes in their browser within a changed scope (S:C), meaning impact extends beyond the attacker's own session to other users. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, but the low attack complexity and network-accessible vector make this straightforward to abuse on sites with open or loosely controlled contributor registration.

XSS Visualizer
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.11.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Visualizer
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS.10.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Visualizer
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Visualizer
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP WordPress +1
NVD GitHub VulDB
EPSS 3% CVSS 6.1
MEDIUM POC This Month

A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 39% CVSS 10.0
CRITICAL POC THREAT Act Now

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Visualizer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy