Description
The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzez_chart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2025-11-11
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored Cross-Site Scripting via shortcode
Action: Apply Patch
AI Analysis

Impact

The Chart Expert plugin for WordPress is vulnerable to stored Cross‑Site Scripting caused by inadequate sanitization of attributes supplied to the 'pmzez_chart' shortcode. The flaw allows an attacker who can authenticate with contributor-level access or higher to embed arbitrary script code that will execute whenever a user opens any page containing the injected shortcode. This can lead to browser‑side attacks such as phishing, session hijacking, defacement, or data exfiltration, depending on the malicious payload crafted by the attacker.

Affected Systems

SAGortouch’s Chart Expert plugin, versions 1.0 and earlier, is affected. The vulnerability exists on every WordPress site that runs one of these plugin versions and grants contributor or higher roles to users. Sites that rely on this plugin for diagram or chart creation may be impacted.

Risk and Exploitability

The vulnerability carries a CVSS score of 6.4, indicating moderate severity. The EPSS score of less than 1% suggests that, at present, exploitation is unlikely to be widespread, and the vulnerability is not listed in the CISA KEV catalog. The attack requires authenticated access with contributor privileges, but once in place, injected scripts run automatically for all visitors to the affected page. As such, the risk is elevated for sites with many active contributors or guest authors, although the overall market-wide exploitation probability remains low.

Generated by OpenCVE AI on April 21, 2026 at 18:28 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the Chart Expert plugin to the latest version that removes the vulnerable shortcode handling
  • If an upgrade is not immediately possible, edit or delete pages containing the malicious 'pmzez_chart' shortcode to remove stored scripts
  • Limit contributor and above roles to trusted users, or temporarily revoke contributor access until the vulnerability is patched
  • Implement additional input validation or output escaping on the shortcode if custom development is available, ensuring that all shortcode attributes are properly sanitized
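The last recommendation in practice, as an added example that is not Chart Expert's own code: a shortcode handler that whitelists, type-checks and escapes every attribute before it reaches the page. Only the 'pmzez_chart' tag comes from the advisory; the attribute names and the function name are assumptions for illustration.

```php
<?php
// Added example, not the plugin's code. Attribute names (title, width, height,
// color, values) and the function name are assumptions; only the shortcode tag
// 'pmzez_chart' is taken from the advisory.
//
// The weak pattern this replaces concatenates raw attributes into markup, e.g.
//   return '<h3>' . $atts['title'] . '</h3>';
// which lets a contributor-supplied title carry markup into the rendered page.

function example_pmzez_chart_shortcode( $atts ) {
    // 1. Whitelist: shortcode_atts() drops any attribute not listed in the defaults.
    $atts = shortcode_atts(
        array(
            'title'  => '',
            'width'  => 400,
            'height' => 300,
            'color'  => '#3366cc',
            'values' => '',
        ),
        $atts,
        'pmzez_chart'
    );

    // 2. Validate each value by type before it is used anywhere.
    $width  = absint( $atts['width'] );   // non-negative integer only
    $height = absint( $atts['height'] );
    $color  = preg_match( '/^#[0-9a-fA-F]{6}$/', $atts['color'] ) ? $atts['color'] : '#3366cc';
    $values = array_map( 'floatval', explode( ',', $atts['values'] ) ); // numeric series only

    // 3. Escape at output, using the escaper that matches where each value lands:
    //    esc_attr() inside attribute values, esc_html() inside element text,
    //    %d for the numeric CSS dimensions so no string reaches the style attribute.
    return sprintf(
        '<div class="pmzez-chart" data-color="%s" data-values="%s" style="width:%dpx;height:%dpx">'
        . '<h3>%s</h3></div>',
        esc_attr( $color ),
        esc_attr( wp_json_encode( $values ) ),
        $width,
        $height,
        esc_html( $atts['title'] )
    );
}
add_shortcode( 'pmzez_chart', 'example_pmzez_chart_shortcode' );
```

Because the escaping runs in the handler at render time, it also neutralizes shortcodes that were already stored in posts before the handler was fixed.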

Tracking

Advisories

No advisories yet.

History

Fri, 14 Nov 2025 16:15:00 +0000

Type: Metrics (ssvc)
Values removed: none
Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 12 Nov 2025 13:00:00 +0000

Type: First Time appeared
Values added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values added: Wordpress; Wordpress wordpress

Tue, 11 Nov 2025 03:45:00 +0000

Type: Description
Values added: The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzez_chart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Type: Title
Values added: Chart Expert <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Type: Weaknesses
Values added: CWE-80

Type: References
Values added:

Type: Metrics (cvssV3_1)
Values added: {'score': 6.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:06:28.328Z

Reserved: 2025-11-05T15:16:59.292Z

Link: CVE-2025-12753

Vulnrichment

Updated: 2025-11-14T15:21:07.725Z

NVD

Status: Deferred

Published: 2025-11-11T04:15:50.090

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12753

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T18:30:27Z

Weaknesses