PT-2024-16374 · WordPress · Chartify
Abrahack · Published 2024-11-13 · Updated 2025-06-05 · CVE-2024-10571
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
The Chartify – WordPress Chart Plugin versions up to, and including, 2.9.5
Description
The issue is related to Local File Inclusion, allowing unauthenticated attackers to include and execute arbitrary files on the server via the source parameter. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. According to reports, this vulnerability is under active attack, with a significant number of attacks blocked in a short period.
Recommendations
For versions up to, and including, 2.9.5, update to version 2.9.6 to stay secure.
As a temporary workaround, consider restricting access to the source parameter to minimize the risk of exploitation.
Fix
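A log check to support the workaround above, added here as an example; it is not part of the original advisory or of the plugin's code. It flags access-log requests whose source parameter decodes to something that looks like a file path. The log format, the /index.php request path, the sample lines and the heuristics for a suspicious value are assumptions; the advisory names only the parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate `source` value is never a path or URL, so flag
# traversal sequences, absolute paths, scheme:// wrappers and NUL bytes.
SUSPICIOUS = re.compile(
    r"\.\.[/\\]|^[/\\]|^[a-z]:[/\\]|^[a-z][a-z0-9+.-]*://|\x00", re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e), up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_source_values(log_line):
    """Return decoded `source` values in one log line that look like paths."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "source":
            value = fully_decode(value)  # parse_qsl decoded only one layer
            if SUSPICIOUS.search(value):
                hits.append(value)
    return hits

def scan(lines):
    """Return (client_ip, decoded_value) for every flagged request."""
    return [(line.split()[0], value) for line in lines
            for value in suspicious_source_values(line)]

# Constructed sample lines (documentation IP ranges, placeholder path).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2024:10:00:01 +0000] "GET /index.php?source=..%2F..%2Fwp-config.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [13/Nov/2024:10:00:02 +0000] "GET /index.php?source=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 512',
    '198.51.100.4 - - [13/Nov/2024:10:00:03 +0000] "GET /index.php?source=chart-1 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [13/Nov/2024:10:00:04 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, repr(value))
```

Access logs record only the query string, so a source value sent in a POST body will not appear here and has to be inspected at a WAF or reverse proxy instead.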
Weakness Enumeration
Related Identifiers
Affected Products
Chartify