CVE-2025-8867
📋 TL;DR
This stored XSS vulnerability in the Graphina WordPress plugin allows authenticated attackers with contributor-level access or higher to inject malicious scripts into chart parameters. When users view pages containing these manipulated charts, the scripts execute in their browsers. This affects WordPress sites using Graphina plugin version 3.1.3 or earlier.
💻 Affected Systems
- Graphina - Elementor Charts and Graphs WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal admin credentials, redirect users to malicious sites, deface websites, or perform actions on behalf of authenticated users.
Likely Case
Attackers with contributor access inject malicious scripts that steal session cookies or redirect users to phishing pages when they view affected charts.
If Mitigated
With proper user role management and content review processes, exploitation would be limited to trusted contributors, reducing impact.
🎯 Exploit Status
Requires authenticated access (contributor or higher). Exploitation involves manipulating chart widget parameters like categories, titles, and tooltip settings.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.1.4 or later
Vendor Advisory: https://wordpress.org/plugins/graphina-elementor-charts-and-graphs/#developers
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Graphina - Elementor Charts and Graphs'. 4. Click 'Update Now' if update available. 5. Alternatively, download latest version from WordPress plugin repository and manually update.
🔧 Temporary Workarounds
Restrict User Roles
allLimit contributor-level access to trusted users only and implement content review workflows
Disable Plugin
WordPressTemporarily disable Graphina plugin until patched
wp plugin deactivate graphina-elementor-charts-and-graphs
🧯 If You Can't Patch
- Implement strict content review process for all contributor submissions
- Add web application firewall rules to block XSS payloads in chart parameters
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins → Graphina version. If version is 3.1.3 or lower, you are vulnerable.Check Version:
wp plugin get graphina-elementor-charts-and-graphs --field=versionVerify Fix Applied:
After updating, verify Graphina plugin version shows 3.1.4 or higher in WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to chart editing endpoints
- Suspicious strings in chart parameter fields containing script tags or JavaScript
Network Indicators:
- Unexpected script loads from chart pages
- Data exfiltration to external domains from chart pages
SIEM Query:
source="wordpress" AND (uri_path="/wp-admin/post.php" OR uri_path="/wp-admin/admin-ajax.php") AND (http_method="POST") AND (user_agent CONTAINS "contributor") AND (request_body CONTAINS "<script>" OR request_body CONTAINS "javascript:")🔗 References
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/AreaChart.php#L156
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/ColumnChart.php#L183
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/DistributeColumnChart.php#L179
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/HeatmapChart.php#L173
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/LineChart.php#L186
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/RadarChart.php#L182
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/ScatterChart.php#L181
- https://plugins.trac.wordpress.org/browser/graphina-elementor-charts-and-graphs/trunk/includes/Charts/Elementor/Elements/ApexCharts/TimelineChart.php#L173
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3343408%40graphina-elementor-charts-and-graphs&new=3343408%40graphina-elementor-charts-and-graphs&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ae7f76ef-3f97-4889-8902-f13a4a298475?source=cve
