What the vulnerability does
01Description
Missing Authorization vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Graphina: from n/a through <= 3.0.4.
Explanation of Vulnerability in Simple Terms
02Summary
Graphina versions up to 3.0.4 lack proper authorization checks on certain operations. An authenticated user with low privileges can modify or disable site functionality without proper permission validation. The vulnerability does not expose sensitive data but can degrade site availability or integrity.
What an attacker can do
03Attacker Capabilities
Modify or disable site features without proper authorization.
Potential impact on your site
04Site Impact
Authenticated users can alter site configuration or disable features they shouldn't have access to.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege authenticated account on the site.
Key dates
06Disclosure timeline
May 7, 2025
CVE published
April 28, 2026
Record updated