What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion.This issue affects Graphina: from n/a through <= 3.0.4.
Explanation of Vulnerability in Simple Terms
Graphina versions up to 3.0.4 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of an authenticated user without their knowledge. The vulnerability requires specific conditions to exploit but can result in data modification, unauthorized access, or service disruption. Site administrators should update to a version newer than 3.0.4 as soon as possible.
What an attacker can do
Perform unauthorized actions on the site (modify data, change settings, or disrupt service) on behalf of a logged-in user.
Potential impact on your site
Attackers can trick your users into unknowingly changing site settings, deleting content, or granting permissions without their consent.
Conditions required to exploit
A logged-in user must visit a malicious webpage or click a crafted link while authenticated to the vulnerable site.
Key dates
External resources
Related vulnerabilities