GCVE - cpe:2.3:a:ays-pro:chartify_–_wordpress_chart

Approved changes feed: RSS · Atom

cpe:2.3:a:ays-pro:chartify_–_wordpress_chart_plugin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ays Pro (`900df179-83e7-52e1-a062-7dd4345b4c1d`)
Product	Chartify – Wordpress Chart Plugin (`473d158d-3ca8-5f0c-bca8-afd347696be0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-11171`	vulnerable	2026-06-03 14:58:35.543133	Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function MEDIUM (5.3) The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter, without any nonce or capability checks. This makes it possible for unauthenticated attackers to execute administrative functions via the wp-admin/admin-ajax.php endpoint granted they can identify callable method names. Published: 2025-10-08T05:24:49.497Z Updated: 2026-04-08T17:14:20.755Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/aa3e030b-8ef1-4dbc-940d-6c2ab2683620?source=cve https://plugins.trac.wordpress.org/browser/chart-builder/tags/3.5.8/includes/class-chart-builder.php#L247 https://plugins.trac.wordpress.org/browser/chart-builder/tags/3.5.8/admin/class-chart-builder-admin.php#L675 https://plugins.trac.wordpress.org/browser/chart-builder/tags/3.5.8/admin/class-chart-builder-admin.php#L1625 https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3372188%40chart-builder%2Ftags%2F3.6.0&new=3372188%40chart-builder%2Ftags%2F3.6.0	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10571`	vulnerable	2026-06-03 14:54:12.073126	Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source CRITICAL (9.8) The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Published: 2024-11-14T11:00:12.910Z Updated: 2026-04-08T17:25:50.086Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cve https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238 https://abrahack.com/posts/chart-builder-lfi/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Chartify – Wordpress Chart Plugin

PURL mappings

Vulnerability references

Contribute