Description
The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter, without any nonce or capability checks. This makes it possible for unauthenticated attackers to execute administrative functions via the wp-admin/admin-ajax.php endpoint granted they can identify callable method names.
Published: 2025-10-08
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Administrative Function Execution
Action: Patch Now
AI Analysis

Impact

The Chartify plugin contains an unauthenticated AJAX endpoint that dispatches to privileged admin methods without nonce or capability verification. This allows anyone to invoke administrative functions through wp-admin/admin-ajax.php. An attacker who can determine what method names are exposed could modify or delete chart data, change user settings, or potentially inject code, compromising the site’s integrity and confidentiality. The weakness is identified as CWE-306.

Affected Systems

The vulnerability affects the ays-pro Chartify – WordPress Chart Plugin version 3.5.9 and earlier. Sites running WordPress with any of these plugin versions are at risk if the plugin is installed and unchanged.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate risk, and the EPSS score of less than 1 % suggests exploitation is presently unlikely. The vulnerability is not listed in CISA’s KEV catalog. Attackers can exploit it via the public wp-admin/admin-ajax.php endpoint once they discover callable method names; no special privileges or network access are required beyond the ability to send HTTP requests.

Generated by OpenCVE AI on April 21, 2026 at 02:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Chartify plugin to version 3.6.0 or later, where the insecure AJAX action has been removed or secured.
  • If an upgrade is not immediately possible, remove or block the ajax_action hook that exposes the vulnerable endpoint (for example, by editing the plugin code to require authentication and nonce checks).
  • Review WordPress admin user roles and restrict access to all users except trusted site owners.
  • Monitor site logs for any unauthorized calls to the admin-ajax.php endpoint and consider implementing a Web Application Firewall rule to filter such requests.

Generated by OpenCVE AI on April 21, 2026 at 02:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Ays-pro
Ays-pro chartify
Wordpress
Wordpress wordpress
Vendors & Products Ays-pro
Ays-pro chartify
Wordpress
Wordpress wordpress

Wed, 08 Oct 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Oct 2025 05:45:00 +0000

Type Values Removed Values Added
Description The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter, without any nonce or capability checks. This makes it possible for unauthenticated attackers to execute administrative functions via the wp-admin/admin-ajax.php endpoint granted they can identify callable method names.
Title Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function
Weaknesses CWE-306
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Ays-pro Chartify
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:14:20.755Z

Reserved: 2025-09-29T17:24:27.372Z

Link: CVE-2025-11171

cve-icon Vulnrichment

Updated: 2025-10-08T16:16:19.434Z

cve-icon NVD

Status : Deferred

Published: 2025-10-08T06:15:34.270

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11171

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T02:30:25Z

Weaknesses