CyberRota

CVE-2026-13468

HIGH · CVSS 7.5

Source: NVD + CISA KEV + EPSS · Published: 2026-07-01T05:16:18.663 · Retrieved: 2026-07-01T06:12:00.071890+00:00

CyberRota Commentary

Detailed analysis required.

CVE: CVE-2026-13468
Severity: HIGH
CVSS: 7.5
EPSS: None
WordPress

Original NVD Description

The Visualizer – Tables & Charts Manager with Built-in AI Generator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.0.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to access and export the contents of any visualizer chart on the site — including charts in draft, private, pending, future, or trash status — as CSV, Excel, or HTML via the /wp-json/visualizer/v1/action/{chart}/{type}/ REST endpoint. This bypass is particularly impactful because the standard WordPress REST endpoint for the non-public 'visualizer' custom post type correctly enforces capability checks and returns HTTP 401 to unauthenticated callers, whereas this plugin-registered route circumvents that protection entirely.
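
A log review for the route named in the description, added here as an example (not code from NVD, CyberRota or the plugin): it lists, per client, the chart ids returned with a 2xx status from /wp-json/visualizer/v1/action/{chart}/{type}/ or its ?rest_route= form. It assumes a combined-format access log; the log does not record login state, so on an affected version every hit is worth reviewing. The sample lines, IPs and {type} values are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

# Route from the NVD description: /wp-json/visualizer/v1/action/{chart}/{type}/
ROUTE = re.compile(r"^/visualizer/v1/action/(?P<chart>[^/]+)/(?P<type>[^/]+)/?$")
# Client, request target and status from a combined-format access log line.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def match_route(target):
    """Return (chart, type) if the request target addresses the export route."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    candidates = []
    if "/wp-json/" in path:  # pretty-permalink form, also under a subdirectory
        candidates.append(path[path.index("/wp-json/") + len("/wp-json"):])
    # WordPress also routes REST requests passed as ?rest_route=/...
    candidates += parse_qs(parts.query).get("rest_route", [])
    for candidate in candidates:
        m = ROUTE.match(candidate)
        if m:
            return m.group("chart"), m.group("type")
    return None

def summarize(lines):
    """Map each client IP to the chart ids it fetched with a 2xx status."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m or not m.group("status").startswith("2"):
            continue
        route = match_route(m.group("target"))
        if route:
            hits[m.group("ip")].add(route[0])
    return {ip: sorted(charts) for ip, charts in hits.items()}

# Constructed sample lines: documentation-range IPs, placeholder {type} values.
SAMPLE = [
    '203.0.113.7 - - [01/Jul/2026:06:00:01 +0000] "GET /wp-json/visualizer/v1/action/101/csv/ HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [01/Jul/2026:06:00:02 +0000] "GET /wp-json/visualizer/v1/action/102/csv/ HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.7 - - [01/Jul/2026:06:00:03 +0000] "GET /?rest_route=%2Fvisualizer%2Fv1%2Faction%2F103%2Fcsv%2F HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.7 - - [01/Jul/2026:06:00:04 +0000] "GET /wp-json/visualizer/v1/action/999/csv/ HTTP/1.1" 404 120 "-" "-"',
    '198.51.100.4 - - [01/Jul/2026:06:01:00 +0000] "GET /wp-json/wp/v2/visualizer/101 HTTP/1.1" 401 150 "-" "-"',
]

if __name__ == "__main__":
    for ip, charts in summarize(SAMPLE).items():
        print(ip, "exported charts:", ", ".join(charts))
```

A single client walking through many chart ids in sequence, as in the sample, is the pattern to look for first.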