FKIE_CVE-2024-4574

Vulnerability from fkie_nvd - Published: 2024-05-14 15:44 - Updated: 2024-11-21 09:43
Summary
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Source: security@wordfence.com
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391
  https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578
  https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391
  https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Graphina \u2013 Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    },
    {
      "lang": "es",
      "value": "El complemento Graphina \u2013 Elementor Charts and Graphs para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de m\u00faltiples widgets en todas las versiones hasta la 1.8.9 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
    }
  ],
  "id": "CVE-2024-4574",
  "lastModified": "2024-11-21T09:43:08.107",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7,
        "source": "security@wordfence.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-14T15:44:06.240",
  "references": [
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391"
    },
    {
      "source": "security@wordfence.com",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve"
    }
  ],
  "sourceIdentifier": "security@wordfence.com",
  "vulnStatus": "Awaiting Analysis"
}

