Chartify – WordPress Chart Plugin Security & Risk Analysis

wordpress.org/plugins/chart-builder

Chartify is a powerful WordPress Chart Builder Plugin that will help you to create WordPress Graphs & Charts easily and quickly.

4K active installs · v3.7.1 · PHP 7.0+ · WP 5.0+ · Updated Mar 13, 2026
Tags: chart, charts, graphs, pie, visualization
89 · A · Safe
CVEs total: 8
Unpatched: 0
Last CVE: Dec 3, 2025
Safety Verdict

Is Chartify – WordPress Chart Plugin Safe to Use in 2026?

Generally Safe

Score 89/100

Chartify – WordPress Chart Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

8 known CVEs · Last CVE: Dec 3, 2025 · Updated 21d ago
Risk Assessment

The Chart Builder plugin v3.7.1 presents a mixed security posture. While it exhibits good practices in SQL query preparation and output escaping, with 89% of both properly handled, a significant concern arises from its large attack surface. A total of 8 entry points are identified, with a concerning 7 of them lacking authentication checks. This is further exacerbated by 5 high-severity taint flows indicating unsanitized paths, suggesting potential for malicious input to be processed without proper validation. The plugin's vulnerability history is also a red flag, with 8 known CVEs including one critical unpatched vulnerability from 2025-12-03, and common types like CSRF, missing authentication, RFI, and XSS. This pattern of past vulnerabilities, coupled with the current code analysis findings, points to a history of security weaknesses that may still be present despite apparent improvements in some areas.

While the plugin demonstrates some strengths in secure coding practices like prepared statements and output escaping, the substantial number of unprotected entry points and high-severity taint flows are critical risks. The presence of past vulnerabilities, especially critical ones and those related to authentication and input handling, strongly suggests that users should exercise extreme caution. The plugin's recent critical vulnerability in 2025 indicates that even recent versions can harbor severe security flaws. It is crucial to address the unprotected AJAX handlers and the identified taint flows to mitigate the significant risks associated with this plugin. The vulnerability history, particularly the critical unpatched CVE, warrants immediate attention and mitigation strategies.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Critical unpatched CVE
  • Missing nonce checks
  • Missing capability checks
  • Unsanitized paths in taint flows
Vulnerabilities
8

Chartify – WordPress Chart Plugin Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 3 CVEs
  • 2025: 4 CVEs

Severity Breakdown

  • Critical: 1
  • Medium: 7

8 total CVEs

CVE-2025-66529 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Chartify <= 3.6.3 - Cross-Site Request Forgery

Dec 3, 2025 · Patched in 3.6.4 (9d)

CVE-2025-11171 · medium · 5.3 · Missing Authentication for Critical Function

Chartify – WordPress Chart Plugin <= 3.5.9 - Missing Authentication for Administrative Function

Oct 7, 2025 · Patched in 3.6.0 (1d)

CVE-2025-54673 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Chartify <= 3.5.3 - Cross-Site Request Forgery

Jul 30, 2025 · Patched in 3.5.4 (6d)

CVE-2025-30904 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chartify <= 3.1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Mar 27, 2025 · Patched in 3.1.9 (7d)

CVE-2024-10571 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source

Nov 13, 2024 · Patched in 2.9.6 (132d)

CVE-2024-47347 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chartify <= 2.7.6 - Reflected Cross-Site Scripting

Sep 27, 2024 · Patched in 2.7.7 (7d)

CVE-2023-47526 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chartify <= 2.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 31, 2024 · Patched in 2.0.7 (3d)

WF-18cbf346-91a3-4856-930e-7753eb1470d9-chart-builder · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Chart Builder <= 1.9.6 - Authenticated (Admin+) Stored Cross-Site Scripting

Nov 28, 2023 · Patched in 1.9.7 (56d)
Code Analysis
Analyzed Mar 16, 2026

Chartify – WordPress Chart Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (51 prepared)
  • Unescaped Output: 159 (1322 escaped)
  • Nonce Checks: 2
  • Capability Checks: 3
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 3

Bundled Libraries

Select2, DataTables, jQuery

SQL Query Safety

89% prepared · 57 total queries

Output Escaping

89% escaped · 1481 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
<chart-builder-charts-display> (admin\partials\charts\chart-builder-charts-display.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
7 unprotected

Chartify – WordPress Chart Plugin Attack Surface

Entry Points: 8
Unprotected: 7

AJAX Handlers 7

auth · wp_ajax_ays_chart_admin_ajax · includes\class-chart-builder.php:246
auth · wp_ajax_deactivate_plugin_option_cb · includes\class-chart-builder.php:248
nopriv · wp_ajax_deactivate_plugin_option_cb · includes\class-chart-builder.php:249
auth · wp_ajax_ays_chart_install_plugin · includes\class-chart-builder.php:251
auth · wp_ajax_ays_chart_activate_plugin · includes\class-chart-builder.php:254
auth · wp_ajax_ays_chart_dismiss_button · includes\class-chart-builder.php:263
nopriv · wp_ajax_ays_chart_dismiss_button · includes\class-chart-builder.php:264

Shortcodes 1

[ays_chart] public\class-chart-builder-public.php:87
WordPress Hooks 63
action · enqueue_block_editor_assets · chart\chart-builder-block.php:140
action · init · chart\chart-builder-block.php:141
action · plugins_loaded · chart-builder.php:85
action · admin_notices · chart-builder.php:105
action · init · includes\class-chart-builder-custom-post-type.php:33
action · admin_notices · includes\class-chart-builder-db-actions.php:93
action · wp_loaded · includes\class-chart-builder-integrations.php:64
action · plugins_loaded · includes\class-chart-builder.php:167
action · admin_enqueue_scripts · includes\class-chart-builder.php:182
action · admin_enqueue_scripts · includes\class-chart-builder.php:183
action · admin_enqueue_scripts · includes\class-chart-builder.php:184
action · admin_menu · includes\class-chart-builder.php:186
action · admin_menu · includes\class-chart-builder.php:188
action · admin_menu · includes\class-chart-builder.php:189
action · admin_menu · includes\class-chart-builder.php:190
action · admin_menu · includes\class-chart-builder.php:191
action · admin_menu · includes\class-chart-builder.php:192
action · admin_menu · includes\class-chart-builder.php:193
action · ays_cb_chart_page_sources_contents · includes\class-chart-builder.php:197
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:198
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:200
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:201
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:202
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:203
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:204
filter · ays_cb_chart_page_sources_contents_settings_chartjs · includes\class-chart-builder.php:205
action · ays_cb_chart_page_settings_contents · includes\class-chart-builder.php:208
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:209
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:210
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:211
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:212
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:213
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:214
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:215
filter · ays_cb_chart_page_settings_contents_settings · includes\class-chart-builder.php:216
filter · ays_cb_chart_page_settings_contents_settings_chartjs · includes\class-chart-builder.php:217
filter · ays_cb_chart_page_settings_contents_settings_chartjs · includes\class-chart-builder.php:218
filter · ays_cb_chart_page_settings_contents_settings_chartjs · includes\class-chart-builder.php:219
action · ays_cb_chart_page_styles_contents · includes\class-chart-builder.php:222
filter · ays_cb_chart_page_styles_contents_settings · includes\class-chart-builder.php:223
filter · ays_cb_chart_page_styles_contents_settings · includes\class-chart-builder.php:224
filter · ays_cb_chart_page_styles_contents_settings · includes\class-chart-builder.php:225
filter · ays_cb_chart_page_styles_contents_settings · includes\class-chart-builder.php:226
filter · ays_cb_chart_page_styles_contents_settings_chartjs · includes\class-chart-builder.php:227
filter · ays_cb_chart_page_styles_contents_settings_chartjs · includes\class-chart-builder.php:228
filter · ays_cb_chart_page_styles_contents_settings_chartjs · includes\class-chart-builder.php:229
action · ays_cb_chart_page_advanced_settings_contents · includes\class-chart-builder.php:232
filter · ays_cb_chart_page_advanced_settings_contents_settings · includes\class-chart-builder.php:233
filter · ays_cb_chart_page_advanced_settings_contents_settings · includes\class-chart-builder.php:234
filter · ays_cb_chart_page_advanced_settings_contents_settings · includes\class-chart-builder.php:235
filter · ays_cb_chart_page_advanced_settings_contents_settings · includes\class-chart-builder.php:236
filter · ays_cb_chart_page_advanced_settings_contents_settings_chartjs · includes\class-chart-builder.php:237
filter · ays_cb_chart_page_advanced_settings_contents_settings_chartjs · includes\class-chart-builder.php:238
action · elementor/widgets/widgets_registered · includes\class-chart-builder.php:257
action · in_admin_footer · includes\class-chart-builder.php:259
action · admin_notices · includes\class-chart-builder.php:262
action · current_screen · includes\class-chart-builder.php:266
action · wp_head · includes\class-chart-builder.php:279
action · ays_cb_chart_page_integrations · includes\class-chart-builder.php:297
action · ays_cb_settings_page_integrations · includes\class-chart-builder.php:300
filter · ays_cb_settings_page_integrations_contents · includes\class-chart-builder.php:306
filter · ays_cb_chart_page_sources_contents_settings · includes\class-chart-builder.php:307
filter · ays_cb_settings_page_integrations_contents · includes\class-chart-builder.php:312
Maintenance & Trust

Chartify – WordPress Chart Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 13, 2026
  • PHP min version: 7.0
  • Downloads: 290K

Community Trust

  • Rating: 98/100
  • Number of ratings: 25
  • Active installs: 4K
Developer Profile

Chartify – WordPress Chart Plugin Developer Profile

Ays Pro

18 plugins · 111K total installs

  • Trust score: 74
  • Avg Security Score: 93/100
  • Avg Patch Time: 216 days
Detection Fingerprints

How We Detect Chartify – WordPress Chart Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/chart-builder/admin/css/chart-builder-admin.css
  • /wp-content/plugins/chart-builder/admin/css/chart-builder-dashicons.css
  • /wp-content/plugins/chart-builder/admin/css/chart-builder-modal.css
  • /wp-content/plugins/chart-builder/admin/css/chart-builder-public-admin.css
  • /wp-content/plugins/chart-builder/admin/css/chart-builder-public-admin-responsive.css
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-admin.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart-filter.js
  • +21 more
Script Paths
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-admin.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart-filter.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart-image.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart-update.js
  • /wp-content/plugins/chart-builder/admin/js/chart-builder-chart-update-preview.js
  • +17 more
Version Parameters
  • chart-builder/admin/css/chart-builder-admin.css?ver=
  • chart-builder/admin/css/chart-builder-dashicons.css?ver=
  • chart-builder/admin/css/chart-builder-modal.css?ver=
  • chart-builder/admin/css/chart-builder-public-admin.css?ver=
  • chart-builder/admin/css/chart-builder-public-admin-responsive.css?ver=
  • chart-builder/admin/js/chart-builder-admin.js?ver=
  • chart-builder/admin/js/chart-builder-chart.js?ver=
  • chart-builder/admin/js/chart-builder-chart-filter.js?ver=
  • chart-builder/admin/js/chart-builder-chart-image.js?ver=
  • chart-builder/admin/js/chart-builder-chart-update.js?ver=
  • chart-builder/admin/js/chart-builder-chart-update-preview.js?ver=
  • chart-builder/admin/js/chart-builder-delete.js?ver=
  • chart-builder/admin/js/chart-builder-edit.js?ver=
  • chart-builder/admin/js/chart-builder-edit-data.js?ver=
  • chart-builder/admin/js/chart-builder-edit-data-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-preview-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-style.js?ver=
  • chart-builder/admin/js/chart-builder-edit-style-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-style-preview-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-style-preview-preview-preview.js?ver=
  • chart-builder/admin/js/chart-builder-edit-style-preview-preview-preview-preview.js?ver=
  • chart-builder/admin/js/chart-builder-general.js?ver=
  • chart-builder/admin/js/chart-builder-general-preview.js?ver=
  • chart-builder/admin/js/chart-builder-image.js?ver=
  • chart-builder/admin/js/chart-builder-update.js?ver=
  • chart-builder/admin/js/chart-builder-view.js?ver=
  • chart-builder/public/css/chart-builder-public.css?ver=
  • chart-builder/public/js/chart-builder-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
ays-notice-bannernavigation-barays-navigation-container-logo-upgrade-boxlogo-containerays-btn-upgrade
HTML Comments
  • <!-- Currently plugin version.
  • <!-- Start at version 1.0.0 and use SemVer - https://semver.org
  • <!-- Rename this for your plugin and update it as you release new versions.
  • <!-- If this file is called directly, abort.
  • +16 more
Data Attributes
data-toggle, data-target, data-dismiss, data-backdrop, data-keyboard, data-id, +6 more
JS Globals
CHART_BUILDER_VERSION, CHART_BUILDER_NAME_VERSION, CHART_BUILDER_NAME, CHART_BUILDER_DB_PREFIX, CHART_BUILDER_BASENAME, CHART_BUILDER_DIR, +7 more