
Exploit for Visualizer <3.3.1 - Blind Server-Side Request Forgery (CVE-2019-16932)

Description:

Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint.

Nuclei Template

View the template here CVE-2019-16932.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-16932.yaml

References:

https://wordpress.org/plugins/visualizer/#developers
https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
https://wpvulndb.com/vulnerabilities/9892
https://nvd.nist.gov/vuln/detail/CVE-2019-16932
https://wpscan.com/vulnerability/9892