Vulnerabilities and security researches forgraphina-elementor-charts-and-graphs graphina-elementor-charts-and-graphs

Jun 06, 2024

CVE, Research URL: CVE-2024-4574
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: May 14, 2024
Research Description: The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 12, 2024

CVE, Research URL: CVE-2024-43124
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: Aug 13, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Iqonic Design Graphina allows Stored XSS.This issue affects Graphina: from n/a through 1.8.10.
Affected versions: Min -, max -.
Status: vulnerable

May 09, 2025

CVE, Research URL: CVE-2025-47533
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: May 07, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina allows PHP Local File Inclusion. This issue affects Graphina: from n/a through 3.0.4.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-47480
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: May 07, 2025
Research Description: Missing Authorization vulnerability in Iqonic Design Graphina allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Graphina: from n/a through 3.0.4.
Affected versions: Min -, max -.
Status: vulnerable

Aug 06, 2025

CVE, Research URL: CVE-2025-23968
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: Jul 04, 2025
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through 1.8.5.
Affected versions: Min -, max -.
Status: vulnerable

Aug 15, 2025

CVE, Research URL: CVE-2025-8867
Home page URL: Security reports for Graphina – Elementor Charts and Graphs
Application: Graphina – Elementor Charts and Graphs
Date: Aug 15, 2025
Research Description: The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories, titles, and tooltip settings. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable