PT-2026-2816 · WordPress · Dashboard Builder

Omer Yeshayahu · Published 2026-01-14 · Updated 2026-01-19 · CVE-2025-14615

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: DASHBOARD BUILDER – WordPress plugin for Charts and Graphs versions prior to 1.5.8

Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the settings handler in the dashboardbuilder-admin.php file. An unauthenticated attacker could potentially modify the stored SQL query and database credentials used by the [show-dashboardbuilder] shortcode through a forged request, provided they can trick a site administrator into performing an action. The modified SQL query is then executed on the front-end when the shortcode is rendered, potentially enabling arbitrary SQL injection and data exfiltration through the chart output.

Recommendations: Update to version 1.5.8 or later.
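
For plugin authors auditing their own settings handlers for the same weakness, the following added example shows the nonce and capability checks whose absence the description refers to. It is not the plugin's code or its 1.5.8 patch; every `dbx_*` function, option and field name is hypothetical, and only the WordPress core functions are real.

```php
<?php
// Added illustration; NOT the Dashboard Builder source. All dbx_* names are hypothetical.

// Settings form: embed a per-user, per-action nonce as a hidden field.
function dbx_render_settings_form() {
    $opts = get_option( 'dbx_settings', array() );
    echo '<form method="post">';
    wp_nonce_field( 'dbx_save_settings', 'dbx_nonce' );
    printf(
        '<textarea name="dbx_query">%s</textarea>',
        esc_textarea( isset( $opts['query'] ) ? $opts['query'] : '' )
    );
    submit_button();
    echo '</form>';
}

// Settings handler: refuse any state change that lacks a valid nonce.
function dbx_save_settings() {
    if ( ! isset( $_POST['dbx_query'] ) ) {
        return; // Not a submission of this form.
    }

    // A handler with this CSRF weakness goes from $_POST straight to
    // update_option() at this point, so a cross-site POST sent with the
    // administrator's cookies is accepted as if the admin had submitted it.

    // Only administrators may change the stored settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Stops with a 403 page when the nonce is missing, expired, or was
    // issued for a different user or action.
    check_admin_referer( 'dbx_save_settings', 'dbx_nonce' );

    update_option(
        'dbx_settings',
        array( 'query' => wp_unslash( $_POST['dbx_query'] ) )
    );
}
add_action( 'admin_init', 'dbx_save_settings' );
```

The nonce only blocks the forged write. A query that is stored in settings and executed when the shortcode renders remains as powerful as any account that can legitimately save it.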

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-14615

Affected Products: Dashboard Builder