A blind SSRF vulnerability exists in the Visualizer plugin prior to 3.3.1 for WordPress via wp-json/visualizer/v1/upload-data.
themeisle visualizer