CyberSec.Space Logo
Back to CVE Browser

CVE-2019-16932

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile31.40th
PublishedSep 30, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.

Affected Platforms (CPE)

πŸ“¦
Themeisle

Visualizer

< 3.3.1

References & Advisories

πŸ”— https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
πŸ”— https://wordpress.org/plugins/visualizer/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9892
πŸ”— https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
πŸ”— https://wordpress.org/plugins/visualizer/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9892

Related Vulnerabilities

CVE-2003-034710.0

Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows rem...

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...

CVE-2000-078810.0

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, ...

CVE-2006-473210.0

Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certai...