CVE-2024-4574

Description

The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685

https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3