CVE-2024-3750
Visualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL Execution
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform arbitrary SQL queries that can be leveraged for privilege escalation among many other actions.
| CWE | CWE-862 |
| Vendor | themeisle |
| Product | visualizer: tables and charts manager for wordpress |
| Published | May 16, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for themeisle visualizer: tables and charts manager for wordpress
Be the first to know when new high vulnerabilities affecting themeisle visualizer: tables and charts manager for wordpress are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
themeisle / Visualizer: Tables and Charts Manager for WordPress
0 โค 3.10.15
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/6d27544c-97a5-42cd-ab07-358f819acbc4?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/visualizer/trunk/classes/Visualizer/Module/Chart.php#L1421 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3086048/visualizer/tags/3.11.0/classes/Visualizer/Source/Query.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3086048/visualizer/tags/3.11.0/classes/Visualizer/Module/Chart.php
Credits
Krzysztof Zajฤ
c