{"api_version":"1","generated_at":"2026-04-23T16:06:03+00:00","cve":"CVE-2024-4574","urls":{"html":"https://cve.report/CVE-2024-4574","api":"https://cve.report/api/cve/CVE-2024-4574.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2024-4574","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2024-4574"},"summary":{"title":"Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets","description":"The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","state":"PUBLISHED","assigner":"Wordfence","published_at":"2024-05-14 15:44:06","updated_at":"2026-04-08 17:18:55"},"problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"security@wordfence.com","type":"Secondary","score":"6.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"6.4","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","data":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426","name":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve","name":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2024-4574","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4574","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"iqonicdesign","product":"Graphina – Charts and Graphs For Elementor","version":"affected 1.8.9 semver","platforms":[]}],"timeline":[{"source":"CNA","time":"2024-05-10T10:03:51.000Z","lang":"en","value":"Disclosed"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Matthew Rollings","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2024-4574","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-05-13T15:23:50.398093Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-06-04T17:56:10.823Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2024-08-01T20:47:40.993Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578"},{"tags":["x_transferred"],"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391"}],"title":"CVE Program Container"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Graphina – Charts and Graphs For Elementor","vendor":"iqonicdesign","versions":[{"lessThanOrEqual":"1.8.9","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Matthew Rollings"}],"descriptions":[{"lang":"en","value":"The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}],"metrics":[{"cvssV3_1":{"baseScore":6.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-04-08T16:41:08.484Z","orgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","shortName":"Wordfence"},"references":[{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/1febe2d8-d354-4c78-a611-c1bb0937e53d?source=cve"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/area/widget/area_chart.php#L457"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/bubble/widget/bubble_chart.php#L685"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/candle/widget/candle_chart.php#L517"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/column/widget/column_chart.php#L531"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/distributed_column/widget/Distributed_Column_chart.php#L464"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/donut/widget/donut_chart.php#L325"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/heatmap/widget/heatmap_chart.php#L448"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/line/widget/line_chart.php#L426"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/pie/widget/pie_chart.php#L279"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/polar/widget/polar_chart.php#L413"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radar/widget/radar_chart.php#L546"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/radial/widget/radial_chart.php#L417"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/scatter/widget/scatter_chart.php#L419"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/charts/timeline/widget/timeline_chart.php#L462"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/area/widget/area_google_chart.php#L570"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/bar/widget/bar_google_chart.php#L524"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/column/widget/column_google_chart.php#L536"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/donut/widget/donut_google_chart.php#L384"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/line/widget/line_google_chart.php#L578"},{"url":"https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/elementor/google_charts/pie/widget/pie_google_chart.php#L391"}],"timeline":[{"lang":"en","time":"2024-05-10T10:03:51.000Z","value":"Disclosed"}],"title":"Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets"}},"cveMetadata":{"assignerOrgId":"b15e7b5b-3da4-40ae-a43c-f7aa60e62599","assignerShortName":"Wordfence","cveId":"CVE-2024-4574","datePublished":"2024-05-10T22:33:08.858Z","dateReserved":"2024-05-06T20:41:36.360Z","dateUpdated":"2026-04-08T16:41:08.484Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2024-05-14 15:44:06","lastModifiedDate":"2026-04-08 17:18:55","problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2024","CveId":"4574","Ordinal":"1","Title":"Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated ","CVE":"CVE-2024-4574","Year":"2024"},"notes":[{"CveYear":"2024","CveId":"4574","Ordinal":"1","NoteData":"The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","Type":"Description","Title":"Graphina – Elementor Charts and Graphs <= 1.8.9 - Authenticated "}]}}}