WordPress Security


Visualizer < 3.3.1 – Stored XSS

Description: By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify the metadata of an existing chart and inject an XSS payload to be stored and later executed when an admin goes to edit...
