CVE-2025-1065

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Feb 19, 2025

CWE ID 79

Summary

CVE-2025-1065 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Visualizer: Tables and Charts Manager plugin for WordPress. This issue, present in all versions up to 3.11.8, allows authenticated attackers with contributor-level access or higher to inject malicious scripts through the plugin's Import Data From File feature. User-supplied attributes receive insufficient sanitization and output escaping, enabling the attacker to execute arbitrary web scripts every time a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2dwX-v
https://www.cve.org/CVERecord?id=CVE-2025-1065
https://nvd.nist.gov/vuln/detail/CVE-2025-1065

Back to Vulnerability Database

CVE-2025-1065

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations