Vulnerabilities and security researches forstory-chief story-chief

Aug 17, 2025

CVE, Research URL: CVE-2025-7441
Home page URL: Security reports for StoryChief
Application: StoryChief
Date: Aug 16, 2025
Research Description: The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: f880d0ed5e5e8b5e0a198ccb03e9c96ca367991f
Home page URL: Security reports for StoryChief
Application: StoryChief
Date: Aug 02, 2021
Research Description: StoryChief [story-chief] < 1.0.31 WordPress StoryChief plugin <= 1.0.30 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress StoryChief plugin (versions <= 1.0.30).
Affected versions: Min -, max -.
Status: vulnerable