CVE-2025-8685

Name of the Vulnerable Software and Affected Versions: Wp chart generator versions up to and including 1.0.4

Description: The Wp chart generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting through the plugin’s wpchart shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses an injected page.

Recommendations: Update Wp chart generator to a version later than 1.0.4.