Missing Authorization Vulnerability in Visualizer Plugin for WordPress
CVE-2026-8689

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Visualizer: Tables And Charts Manager For WordPress
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-8689?

The Visualizer: Tables and Charts Manager for WordPress plugin is susceptible to a missing authorization vulnerability across all versions up to and including 3.11.14. This issue arises from the absence of capability checks in the functions responsible for rendering chart pages and uploading data. Specifically, AJAX actions such as renderChartPages() and uploadData() can be exploited by authenticated attackers, including those with Subscriber-level access, allowing them to create arbitrary chart posts and manipulate chart data owned by other users, including administrators. This could lead to unauthorized information exposure and potential data integrity issues.

Affected Version(s)

Visualizer: Tables and Charts Manager for WordPress 0 <= 3.11.14

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/visualizer/tag...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 15, 2026

Credit

David Fernández Morilla

CVE-2026-8689 Data

JSON