On April 10th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Execution vulnerability in Visualizer, a WordPress plugin with more than 30,000 active installations.
Props to Krzysztof Zając who discovered and responsibly reported this vulnerability through the Wordfence Bug Bounty Program.
Our mission is to Secure the Web, which is why we are investing in quality vulnerability research and collaborating with researchers of this caliber through our Bug Bounty Program.
Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting this vulnerability on April 15, 2024.
Sites using the free version of Wordfence received the same protection 30 days later on May 15, 2024.
After we provided full disclosure details, the developer released a first patch on April 15, 2024, which did not fully address the vulnerability.
We urge users to update their sites with the latest patched version of Visualizer, which is version 3.11.0, as soon as possible.
The Visualizer: Tables and Charts Manager for WordPress plugin is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on the getQueryData() function in all versions up to, and including, 3.10.15.
Visualizer is a WordPress plugin for creating, managing, and embedding interactive, responsive charts and tables.
An insecure implementation of the plugin's chart data fetching functionality allows arbitrary SQL execution.
Examining the code reveals that the plugin uses the getQueryData() function in the Visualizer Module Chart class to query data for charts, and that the SQL query to run can be supplied by the caller in the 'query' parameter; because the function performs no capability check, any authenticated user can reach it.
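As an added illustration (not code from the Visualizer plugin or from Wordfence), the hypothetical admin-ajax handler below shows the pattern the advisory describes, a query taken from the request and run with no capability check, next to a hardened version; the function names, the nonce action name and the choice of the 'manage_options' capability are assumptions.

```php
<?php
// Added illustration, not the Visualizer plugin's own code.

// Unsafe pattern: every logged-in user can reach the handler and the SQL
// text comes straight from the request, so arbitrary SQL executes.
function example_get_query_data_unsafe() {
    global $wpdb;
    $query = isset( $_POST['query'] ) ? wp_unslash( $_POST['query'] ) : '';
    $rows  = $wpdb->get_results( $query, ARRAY_A ); // no authorization check
    wp_send_json_success( $rows );
}

// Hardened version: the capability check is the fix for the missing
// authorization; the nonce and the read-only policy are defence in depth.
function example_get_query_data_hardened() {
    // 1. Capability check ('manage_options' is an assumed choice).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // 2. Nonce check against CSRF ('example-query-nonce' is a hypothetical action).
    check_ajax_referer( 'example-query-nonce', 'security' );

    $query = isset( $_POST['query'] ) ? wp_unslash( $_POST['query'] ) : '';

    // 3. Accept a single SELECT only; authorized users still cannot modify data.
    if ( ! example_is_single_select( $query ) ) {
        wp_send_json_error( 'only a single SELECT statement is allowed', 400 );
    }

    global $wpdb;
    $rows = $wpdb->get_results( $query, ARRAY_A );
    wp_send_json_success( $rows );
}

// Conservative policy: one statement, no comment markers, must start with SELECT.
function example_is_single_select( $sql ) {
    $sql = rtrim( trim( $sql ), ';' );
    if ( false !== strpos( $sql, ';' ) ) {
        return false; // a second statement
    }
    if ( preg_match( '/(--|#|\/\*)/', $sql ) ) {
        return false; // comment markers can hide a trailing statement
    }
    return (bool) preg_match( '/^select\s/i', $sql );
}

add_action( 'wp_ajax_example_get_query_data', 'example_get_query_data_hardened' );
```

A read-only policy on its own would still let any subscriber read whatever the database user can see, which is why the capability check, not the filter, is the actual fix.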
This vulnerability will likely be exploited by threat actors, so we urge users to make sure the plugin is up to date as soon as possible.
April 10, 2024 - We received the submission for the SQL Execution vulnerability in Visualizer via the Wordfence Bug Bounty Program.
April 15, 2024 - Wordfence Premium, Care, and Response users received a firewall rule to provide protection against any exploits that may target this vulnerability.
In this blog post, we detailed an Arbitrary SQL Execution vulnerability within the Visualizer plugin affecting versions 3.10.15 and earlier.
This vulnerability allows authenticated threat actors with subscriber-level permissions or higher to inject malicious SQL queries for deleting, modifying, or retrieving data.
The vulnerability has been fully addressed in version 3.11.0 of the plugin.
We encourage WordPress users to verify that their sites are updated to the latest patched version of Visualizer as soon as possible considering the critical nature of this vulnerability.
Wordfence users running Wordfence Premium, Wordfence Care, and Wordfence Response have been protected against this vulnerability as of April 15, 2024.
If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as this vulnerability poses a significant risk.
Published on www.wordfence.com, Wed, 15 May 2024 19:28:08 +0000.