WordPress · Rough Chart WordPress Plugin · CVE-2022-2409
**Name of the Vulnerable Software and Affected Versions**
Rough Chart WordPress plugin versions through 1.0.0
**Description**
The Rough Chart WordPress plugin does not properly escape chart data labels. This could allow high-privilege users to perform Cross-Site Scripting attacks, even when the `unfiltered_html` capability is disallowed.
**Recommendations**
For Rough Chart WordPress plugin versions through 1.0.0, update to a version that properly escapes chart data labels to prevent Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.