Unauthorized Data Modification Vulnerability in The Visualizer's Tables and Charts Manager for WordPress Plugin
CVE-2024-3750

8.8HIGH

Key Information:

Vendor
Wordpress
Status
Visualizer: Tables And Charts Manager For WordPress
Vendor
CVE Published:
16 May 2024

Summary

The Visualizer: Tables and Charts Manager for WordPress plugin is susceptible to unauthorized modifications and data retrieval due to a missing capability check in the getQueryData() function. All versions up to and including 3.10.15 are impacted, allowing authenticated attackers with subscriber-level access and above to execute arbitrary SQL queries. This vulnerability poses significant risks, including privilege escalation, thereby compromising the integrity and security of the WordPress site. Prompt updates and security measures are essential to mitigate potential threats associated with this vulnerability.

Affected Version(s)

Visualizer: Tables and Charts Manager for WordPress * <= 3.10.15

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/visualizer/tru...
https://plugins.trac.wordpress.org/changeset/3086048/visu...

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Krzysztof Zając
.