SQL Injection Vulnerability in Visualizer: Tables and Charts Manager for WordPress Plugin
CVE-2025-12483

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Visualizer: Tables And Charts Manager For WordPress
Vendor
CVE Published:
2 December 2025

What is CVE-2025-12483?

The Visualizer plugin for WordPress is susceptible to SQL Injection due to improper escaping of the 'query' parameter in versions up to 3.11.12. This flaw allows authenticated users with Contributor access or higher to manipulate existing SQL queries, potentially leading to unauthorized access to sensitive database information. The vulnerability was addressed in version 3.11.14, which mitigates exploitation by updating user-level requirements for certain operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Visualizer: Tables and Charts Manager for WordPress * <= 3.11.12

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/visualizer/tag...
https://plugins.trac.wordpress.org/browser/visualizer/tag...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafshanzani Suhada
JSON
.