CVE-2025-1065: 
WordPress vulnerability analysis and mitigation

The Visualizer: Tables and Charts Manager for WordPress plugin has been identified with a Stored Cross-Site Scripting vulnerability (CVE-2025-1065), discovered and disclosed on February 19, 2025. This vulnerability affects all versions up to and including 3.11.8 of the plugin (NVD Database).

The vulnerability is classified as a Stored Cross-Site Scripting (CWE-79) issue that exists in the plugin's Import Data From File feature. The root cause is attributed to insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability has received a CVSS v3.1 Base Score of 6.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N (NVD Database).

When exploited, this vulnerability allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These malicious scripts will execute whenever a user accesses the compromised page (NVD Database).

A fix has been implemented as evidenced by the WordPress plugin repository changelog (WordPress Plugin). Users are advised to update their installations to the latest version of the plugin to mitigate this vulnerability.