Wordpress Visualizer plugin stored XSS CVE-2019-16931
The Visualizer plugin for Wordpress suffers from an unauthenticated stored XSS vulnerability. This was tested against v3.3.0.
This XSS actually relies on another vulnerability of sorts, in that it is possible for an anonymous user to modify data on an already created chart object by simply sending a constructed POST request to the
/wp-json/visualizer/v1/update-chart WP-JSON API endpoint. This can be seen here where the endpoint is registered (
classes/Visualizer/Gutenberg/Block.php) with no access control: