PT-2026-36952 · WordPress · Ninja Charts
Djaidja Moundjid · Published 2026-05-05 · Updated 2026-05-21 · CVE-2026-4730
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website versions prior to 2.1.1
Description
The plugin is subject to Stored Cross-Site Scripting (XSS), a flaw where malicious scripts are permanently stored on the target server. This occurs due to insufficient input sanitization and output escaping within the chartid attribute of the shortcode. Authenticated attackers with Contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.
Recommendations
Update the plugin to a version later than 2.1.0.
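An added example, not taken from the advisory or from the plugin's code: because the injected value is stored, content saved before the update can be audited for shortcodes whose chartid attribute holds anything other than a plain identifier. The shortcode tag `demo_chart`, the sample posts and the allow-list of safe characters are assumptions constructed for illustration.

```python
import re

# Assumption: a legitimate chart id is a short token of letters, digits, "_" or "-".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Any shortcode "[tag attrs]"; the tag name is deliberately not assumed.
SHORTCODE = re.compile(r"\[([A-Za-z][\w-]*)\b([^\[\]]*)\]")

# The three shortcode attribute forms: chartid="v", chartid='v', chartid=v
CHARTID = re.compile(
    r"""(?<![\w-])chartid\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'\]]+))""",
    re.IGNORECASE,
)


def audit_content(post_id, content):
    """Return (post_id, tag, value) for each chartid value outside the allow-list."""
    findings = []
    for sc in SHORTCODE.finditer(content):
        tag, attrs = sc.group(1), sc.group(2)
        for m in CHARTID.finditer(attrs):
            # Exactly one of the three capture groups is set per match.
            value = next(g for g in m.groups() if g is not None)
            if not SAFE_VALUE.fullmatch(value):
                findings.append((post_id, tag, value))
    return findings


def audit_posts(posts):
    """Audit a mapping of post id -> stored post content."""
    findings = []
    for post_id, content in posts.items():
        findings.extend(audit_content(post_id, content))
    return findings


# Constructed sample content; in practice this would come from an export
# of the site's stored posts and pages.
SAMPLE_POSTS = {
    101: 'Sales overview: [demo_chart chartid="12"]',
    102: "Draft: [demo_chart chartid='12\" data-demo=\"1'] pending review",
    103: "No shortcode here, just chartid=abc in plain text.",
    104: "[demo_chart width=400 chartid=q3_report]",
}

if __name__ == "__main__":
    for post_id, tag, value in audit_posts(SAMPLE_POSTS):
        print(f"post {post_id}: [{tag}] has unexpected chartid value {value!r}")
```

Flagged posts are candidates for manual review and cleanup; the author of each flagged post is worth checking as well, since the advisory puts the required privilege at Contributor level.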
Fix
XSS
Affected Products
Ninja Charts