cleantalk
Vulnerabilities and Security Researches

Chartify – WordPress Chart Plugin, c87fdad965ab0e4d1dd47c82eba48973a2f277ef

CVE, Research URL

c87fdad965ab0e4d1dd47c82eba48973a2f277ef

Home page URL

Security reports for Chartify – WordPress Chart Plugin

Application

Chartify – WordPress Chart Plugin

Published on
Nov 28, 2023
Research Description
Chartify &#8211; WordPress Chart Plugin [chart-builder] < 1.9.7 Chart Builder <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting The Best Chart Plugin – Chartify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.9.7.
Status
vulnerable
Previous vulnerability researches
Easy Chart Builder for WordPress (CVE-2025-25077) , Feb 05, 2025
Chartify &#8211; WordPress Chart Plugin (CVE-2025-54673) , Aug 05, 2025
Chartify &#8211; WordPress Chart Plugin (c87fdad965ab0e4d1dd47c82eba48973a2f277ef) , Jun 07, 2024
Chartify &#8211; WordPress Chart Plugin (CVE-2023-47526) , Jun 07, 2024
Chartify &#8211; WordPress Chart Plugin (CVE-2024-10571) , Nov 14, 2024
New vulnerability
Gutenverse &#8211; Gutenberg Blocks &#8211; Page Builder for Site Editor (CVE-2025-7727) , Aug 07, 2025
Flex Guten &#8211; A Multipurpose Gutenberg Blocks Plugin (CVE-2025-6256) , Aug 07, 2025
Simple File List (CVE-2025-54021) , Aug 07, 2025
Newsletters (CVE-2025-54034) , Aug 07, 2025
FileBird &#8211; WordPress Media Library Folders &amp; File Manager (CVE-2025-6986) , Aug 07, 2025