Vulnerabilities > CVE-2019-16932 - Server-Side Request Forgery (SSRF) vulnerability in Themeisle Visualizer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
A blind SSRF vulnerability exists in the Visualizer plugin before 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
- https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
- https://wordpress.org/plugins/visualizer/#developers
- https://wordpress.org/plugins/visualizer/#developers
- https://wpvulndb.com/vulnerabilities/9892
- https://wpvulndb.com/vulnerabilities/9892