CVE-2025-47533 HIGH

CVE-2025-47533: WordPress Graphina plugin <= 3.0.4 - Cross Site Request Forgery (CSRF) to Local File Inclusion vulnerability

Vendor: Iqonic Design
Product: Graphina
Weakness: CWE-352 · CSRF
Published: May 7, 2025
Last update: April 28, 2026

CVSS base score

8.1/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design Graphina graphina-elementor-charts-and-graphs allows PHP Local File Inclusion. This issue affects Graphina: from n/a through <= 3.0.4.

Explanation of Vulnerability in Simple Terms

02 Summary

Graphina versions up to 3.0.4 contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unauthorized actions on behalf of an authenticated user without their knowledge. The vulnerability requires specific conditions to exploit but can result in data modification, unauthorized access, or service disruption. Site administrators should update to a version newer than 3.0.4 as soon as possible.

What an attacker can do

03 Attacker Capabilities

Perform unauthorized actions on the site (modify data, change settings, or disrupt service) on behalf of a logged-in user.

Potential impact on your site

04 Site Impact

Attackers can trick your users into unknowingly changing site settings, deleting content, or granting permissions without their consent.

Conditions required to exploit

05 Prerequisites

A logged-in user must visit a malicious webpage or click a crafted link while authenticated to the vulnerable site.

Key dates

06 Disclosure timeline

May 7, 2025: CVE published
April 28, 2026: Record updated