Unauthorized Data Modification Vulnerability in The Visualizer's Tables and Charts Manager for WordPress Plugin
CVE-2024-3750

8.8HIGH

Key Information:

Vendor: WordPress
Status: Visualizer: Tables And Charts Manager For WordPress
Vendor: CVE Published:; 16 May 2024

What is CVE-2024-3750?

The Visualizer: Tables and Charts Manager for WordPress plugin is susceptible to unauthorized modifications and data retrieval due to a missing capability check in the getQueryData() function. All versions up to and including 3.10.15 are impacted, allowing authenticated attackers with subscriber-level access and above to execute arbitrary SQL queries. This vulnerability poses significant risks, including privilege escalation, thereby compromising the integrity and security of the WordPress site. Prompt updates and security measures are essential to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Visualizer: Tables and Charts Manager for WordPress 0 <= 3.10.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/visualizer/tru...

https://plugins.trac.wordpress.org/changeset/3086048/visu...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 16, 2024
Vulnerability Reserved
Apr 12, 2024

Credit

Krzysztof Zając

CVE-2024-3750 Data

JSON