CVE-2025-11171

MEDIUM

Chartify - WordPress Chart Plugin <3.5.9 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-11171. PoCs published by SnailSploit.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-11171, an authentication bypass vulnerability in the Chartify WordPress Plugin. It includes vulnerability details, technical analysis, attack vectors, and remediation guidance.

Description

The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to the plugin registering an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter, without any nonce or capability checks. This makes it possible for unauthenticated attackers to execute administrative functions via the wp-admin/admin-ajax.php endpoint, provided they can identify callable method names.

Exploits (1)

nomisec WRITEUP
by SnailSploit · poc
https://github.com/SnailSploit/CVE-2025-11171

Classification: Writeup 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Chartify WordPress Plugin ≤ 3.5.9
Authentication: No auth needed
Prerequisites: Access to WordPress admin-ajax.php endpoint
devstral-2 · analyzed May 09, 2026

Scores

CVSS v3: 5.3
EPSS: 0.0033
EPSS Percentile: 24.7%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-306
Status: published
Products (1): ays-pro/Chartify – WordPress Chart Plugin < 3.5.9
Published: Oct 08, 2025
Tracked Since: Feb 18, 2026