Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts ninja-charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through <= 3.3.5.
Published: 2025-09-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in the Ninja Charts WordPress plugin allows an attacker to retrieve embedded sensitive data. The flaw permits exposure of confidential system information that should be protected from unauthorized access. This can lead to compromise of data confidentiality and may enable further attacks if the data is used to map sensitive system configurations.

Affected Systems

This issue affects the Ninja Charts plugin developed by Mahmudul Hasan Arif. Versions from the initial release up through 3.3.5 are impacted. Users deploying any of these versions on WordPress sites are vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate impact. The EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or requires authenticated access to the plugin, based on the plugin's operational context. Because sensitive data is exposed, an attacker who can obtain or guess a valid authentication token could potentially exploit this flaw to collect confidential information.

Generated by OpenCVE AI on April 30, 2026 at 02:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Ninja Charts to version 3.3.6 or later to remove the flaw.
  • If an immediate upgrade is not possible, restrict access to the plugin’s data endpoints by configuring the web server or application firewall to allow only authorized users.
  • Disable the Ninja Charts plugin entirely if the data exposed is critical, or monitor plugin activity for unauthorized data retrieval.

Generated by OpenCVE AI on April 30, 2026 at 02:37 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-26980
Title: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2.
  Added: Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts ninja-charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through <= 3.3.5.
Title
  Removed: WordPress Ninja Charts Plugin <= 3.3.2 - Sensitive Data Exposure Vulnerability
  Added: WordPress Ninja Charts plugin <= 3.3.5 - Sensitive Data Exposure vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Sun, 07 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 05 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 05 Sep 2025 14:00:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Mahmudul Hasan Arif Ninja Charts allows Retrieve Embedded Sensitive Data. This issue affects Ninja Charts: from n/a through 3.3.2.
Title WordPress Ninja Charts Plugin <= 3.3.2 - Sensitive Data Exposure Vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:47.268Z

Reserved: 2025-09-05T10:49:01.958Z

Link: CVE-2025-58797

Vulnrichment

Updated: 2025-09-05T15:39:18.922Z

NVD

Status: Deferred

Published: 2025-09-05T14:15:48.923

Modified: 2026-04-23T15:33:39.217

Link: CVE-2025-58797

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:45:16Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere