S4E

CVE-2019-16931 Scanner

Detects a 'Cross-Site Scripting (XSS)' vulnerability in the Visualizer plugin for WordPress, which affects v. 3.3.0.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 29 days
Scan only one: Domain, IPv4
Toolbox: -

The Visualizer plugin for WordPress is a popular data visualization tool used to create charts, graphs, tables and maps. This plugin offers a range of customizable options for data visualization which makes it a preferred choice for a variety of purposes such as displaying financial data, sales reports, statistical analysis, and more. Visualizer plugin also supports different types of data sources including Google Sheets, CSV files, and MySQL databases. The plugin can be used by anyone with a basic understanding of WordPress.

However, the Visualizer plugin has recently been found to have a critical vulnerability, tracked as CVE-2019-16931. The vulnerability exists within the Gutenberg/Block.php file of the Visualizer plugin, which registers an unsecured wp-json/visualizer/v1/update-chart endpoint. An attacker can exploit it by sending a specially crafted request to that unsecured endpoint. A successful request allows the attacker to execute arbitrary JavaScript, leading to a stored Cross-Site Scripting attack.
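For asset owners who want to check their own web server logs for traffic to this endpoint, the following added example (not part of S4E's scanner or the plugin's code) lists write requests to the update-chart route. It assumes Combined Log Format access logs and treats POST, PUT and PATCH as the methods of interest; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ROUTE = "/visualizer/v1/update-chart"      # route named in the text above
WRITE_METHODS = {"POST", "PUT", "PATCH"}   # assumption: methods able to modify a chart

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def rest_route(target):
    """Return the WordPress REST route addressed by a request target, or None."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    idx = path.find("/wp-json/")            # pretty-permalink form, any install subdirectory
    if idx != -1:
        return "/" + path[idx + len("/wp-json/"):].strip("/")
    values = parse_qs(parts.query).get("rest_route")   # plain-permalink form
    return "/" + values[0].strip("/") if values else None

def find_update_chart_writes(lines):
    """List write requests to the update-chart route, with the server's response status."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] not in WRITE_METHODS:
            continue
        route = rest_route(m["target"])
        if route and route.lower() == ROUTE:
            hits.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"]), "target": m["target"]})
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:03:44 +0000] "POST /wp-json/visualizer/v1/update-chart HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jan/2024:10:03:50 +0000] "POST /index.php?rest_route=%2Fvisualizer%2Fv1%2Fupdate-chart HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-json/visualizer/v1/update-chart HTTP/1.1" 404 120',
    '203.0.113.5 - - [01/Jan/2024:10:06:10 +0000] "POST /blog/wp-json/visualizer/v1/update-chart/ HTTP/1.1" 401 90',
]

if __name__ == "__main__":
    for hit in find_update_chart_writes(SAMPLE_LOG):
        # A 2xx status on a write from an unknown client deserves a look at the chart's stored data.
        print(hit["time"], hit["ip"], hit["status"], hit["target"])
```

Hits that returned a 2xx status to a client you do not recognise are the ones to follow up by reviewing the stored chart data and updating the plugin.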

Exploitation of this vulnerability can compromise the security of WordPress websites or blogs that use the Visualizer plugin. One of its significant impacts is that it can allow an attacker to access sensitive data from the website or inject malicious code, leading to a potential compromise of the website. Exploiting the vulnerability can also result in data theft, account hijacking, and malware distribution on the impacted website.

If you want to ensure your WordPress website is not vulnerable to this exploit, we recommend utilizing the s4e.io platform. The platform offers pro features that allow you to effortlessly scan your website and obtain reports highlighting vulnerabilities and other security issues. Ensure the security of your digital assets with s4e.io, your partner in website security.
