{"id":52568,"date":"2026-05-08T13:40:36","date_gmt":"2026-05-08T13:40:36","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=52568"},"modified":"2026-05-08T13:40:36","modified_gmt":"2026-05-08T13:40:36","slug":"wordpress-chart-359-missing-authentication","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=52568","title":{"rendered":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-08T18:03:35&#8243;,&#8221;description&#8221;:&#8221;The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter&#8230;&#8221;,&#8221;published&#8221;:&#8221;2026-05-08T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2026-05-08T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:220609&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2025-11171&#8243;],&#8221;sourceData&#8221;:&#8221;CVE-2025-11171: Missing Authentication in Chartify WordPress Plugin\\n    \\n    [![CVE](https:\/\/img.shields.io\/badge\/CVE-2025&#8211;11171-red)](https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-11171)\\n    [![CVSS Score](https:\/\/img.shields.io\/badge\/CVSS-5.3%20Medium-orange)](https:\/\/nvd.nist.gov\/vuln-metrics\/cvss\/v3-calculator)\\n    [![WordPress Plugin](https:\/\/img.shields.io\/badge\/WordPress-Plugin-blue)](https:\/\/wordpress.org\/plugins\/chart-builder\/)\\n    [![CWE-306](https:\/\/img.shields.io\/badge\/CWE-306-critical)](https:\/\/cwe.mitre.org\/data\/definitions\/306.html)\\n    [![Wordfence](https:\/\/img.shields.io\/badge\/Disclosed-Wordfence-success)](https:\/\/www.wordfence.com\/)\\n    \\n    \\u003e **Keywords:** CVE-2025-11171, Chartify WordPress vulnerability, missing authentication, WordPress security, unauthenticated AJAX exploit, WordPress plugin vulnerability, CWE-306, WordPress chart plugin security, authentication bypass, WordPress CVE 2025\\n    \\n    ## Table of Contents\\n    \\n    &#8211; [Overview](#overview)\\n    &#8211; [Vulnerability Details](#vulnerability-details)\\n    &#8211; [Technical Analysis](#technical-details)\\n    &#8211; [Attack Vector](#attack-vector)\\n    &#8211; [Remediation Guide](#remediation)\\n    &#8211; [CVSS Metrics](#cvss-v31-metrics)\\n    &#8211; [References](#references)\\n    &#8211; [Security Contact](#contact)\\n    \\n    ## Overview\\n    \\n    **Chartify WordPress Plugin Authentication Bypass Vulnerability (CVE-2025-11171)** &#8211; Critical security flaw allowing unauthenticated access to administrative functions in WordPress chart building plugin.\\n    \\n    A critical authentication bypass vulnerability was discovered in the Chartify WordPress Chart Plugin that allows unauthenticated attackers to execute administrative functions.\\n    \\n    **Discovered by:** Kai Aizen \\u0026 Avraham Shemesh (SnailSploit)  \\n    **Published:** October 7, 2025  \\n    **CVSS Score:** 5.3 (Medium)  \\n    **CWE:** CWE-306 &#8211; Missing Authentication for Critical Function  \\n    **Plugin:** Chartify \u2013 WordPress Chart Plugin  \\n    **Attack Type:** Unauthenticated AJAX Admin Function Execution  \\n    **Required Privileges:** None (Unauthenticated Attack)\\n    \\n    ## Vulnerability Details\\n    \\n    ### Description\\n    \\n    The Chartify WordPress Chart Plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without any nonce or capability checks.\\n    \\n    ### Impact\\n    \\n    This vulnerability allows unauthenticated attackers to:\\n    &#8211; Execute administrative functions via the `wp-admin\/admin-ajax.php` endpoint\\n    &#8211; Bypass authentication controls\\n    &#8211; Potentially manipulate plugin settings and data\\n    \\n    ### Affected Versions\\n    \\n    &#8211; **Vulnerable:** All versions \u2264 3.5.9\\n    &#8211; **Patched:** Version 3.6.0 and above\\n    \\n    ### CVSS v3.1 Metrics\\n    \\n    &#8220;`\\n    CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N\\n    &#8220;`\\n    \\n    | Metric | Value |\\n    |&#8212;&#8212;&#8211;|&#8212;&#8212;-|\\n    | Attack Vector | Network (AV:N) |\\n    | Attack Complexity | Low (AC:L) |\\n    | Privileges Required | None (PR:N) |\\n    | User Interaction | None (UI:N) |\\n    | Scope | Unchanged (S:U) |\\n    | Confidentiality | None (C:N) |\\n    | Integrity | Low (I:L) |\\n    | Availability | None (A:N) |\\n    \\n    ## Technical Details\\n    \\n    The vulnerability exists in the AJAX handler implementation where:\\n    \\n    1. The plugin registers an unauthenticated AJAX action\\n    2. This action dispatches to admin-class methods based on request parameters\\n    3. No nonce validation is performed\\n    4. No capability checks are implemented\\n    5. Attackers who can identify callable method names can invoke them directly\\n    \\n    ### Attack Vector\\n    \\n    &#8220;`\\n    POST \/wp-admin\/admin-ajax.php\\n    &#8220;`\\n    \\n    The vulnerability can be exploited through the WordPress admin-ajax.php endpoint without authentication, provided the attacker can identify valid method names.\\n    \\n    ## Remediation\\n    \\n    ### For Site Administrators\\n    \\n    **Immediate Action Required:**\\n    \\n    1. Update to Chartify version **3.6.0** or later immediately\\n    2. Review your site&#8217;s access logs for suspicious AJAX requests to `admin-ajax.php`\\n    3. If you cannot update immediately, consider temporarily disabling the plugin\\n    \\n    ### Update Instructions\\n    \\n    1. Navigate to **Plugins \\u003e Installed Plugins** in WordPress admin\\n    2. Locate \\&#8221;Chartify \u2013 WordPress Chart Plugin\\&#8221;\\n    3. Click **Update Now** to upgrade to version 3.6.0 or later\\n    4. Verify the update was successful\\n    \\n    ### For Developers\\n    \\n    Ensure all AJAX handlers implement proper security controls:\\n    \\n    &#8220;`php\\n    \/\/ Example of proper AJAX security\\n    add_action(&#8216;wp_ajax_your_action&#8217;, &#8216;your_callback&#8217;);\\n    \\n    function your_callback() {\\n        \/\/ Verify nonce\\n        check_ajax_referer(&#8216;your_nonce_action&#8217;, &#8216;nonce&#8217;);\\n        \\n        \/\/ Check capabilities\\n        if (!current_user_can(&#8216;manage_options&#8217;)) {\\n            wp_die(&#8216;Unauthorized&#8217;);\\n        }\\n        \\n        \/\/ Your secure code here\\n    }\\n    &#8220;`\\n    \\n    ## Timeline\\n    \\n    &#8211; **October 7, 2025** &#8211; Vulnerability publicly disclosed\\n    &#8211; **October 8, 2025** &#8211; CVE record updated\\n    &#8211; **Version 3.6.0** &#8211; Patch released by plugin vendor\\n    \\n    ## References\\n    \\n    &#8211; [Wordfence Intelligence Database Entry](https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/wordpress-plugins\/chart-builder\/chartify-wordpress-chart-plugin-359-missing-authentication-for-administrative-function)\\n    &#8211; [WordPress Plugin Trac](https:\/\/plugins.trac.wordpress.org\/browser\/chart-builder)\\n    &#8211; [MITRE CVE Entry](https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2025-11171)\\n    \\n    ## Credits\\n    \\n    **Researchers:**  \\n    &#8211; **Kai Aizen** &#8211; SnailSploit  \\n    &#8211; **Avraham Shemesh** &#8211; SnailSploit\\n    \\n    **Disclosure Process:** Coordinated through Wordfence Bug Bounty Program\\n    \\n    ## Disclaimer\\n    \\n    This information is provided for security research and defensive purposes only. Any exploitation of this vulnerability for malicious purposes is illegal and unethical. Always obtain proper authorization before testing systems you do not own.\\n    \\n    ## Contact\\n    \\n    For questions or additional information about this vulnerability:\\n    &#8211; **Email:** kai@owasp.com\\n    &#8211; **Website:** [snailsploit.com](https:\/\/snailsploit.com)\\n    &#8211; **Organization:** SnailSploit Security Research\\n    \\n    &#8212;\\n    \\n    \\n    \\n    *Last updated: October 13, 2025*\\n    \\n    \\u003c!&#8211; snailsploit-backlink:start &#8211;\\u003e\\n    \\n    &#8212;\\n    \\n    ## \ud83d\udcda Documentation \\u0026 Author\\n    \\n    This project&#8217;s full writeup, methodology, and related research lives at:\\n    \\n    **[https:\/\/snailsploit.com\/security-research\/cves\/cve-2025-11171\/](https:\/\/snailsploit.com\/security-research\/cves\/cve-2025-11171\/)**\\n    \\n    Created by **Kai Aizen** \u2014 independent offensive security researcher.\\n    \\n    [snailsploit.com](https:\/\/snailsploit.com) \u00b7 [Research](https:\/\/snailsploit.com\/research) \u00b7 [Frameworks](https:\/\/snailsploit.com\/frameworks) \u00b7 [GitHub](https:\/\/github.com\/SnailSploit) \u00b7 [LinkedIn](https:\/\/linkedin.com\/in\/kaiaizen) \u00b7 [ResearchGate](https:\/\/www.researchgate.net\/profile\/Kai-Aizen-2) \u00b7 [X\/Twitter](https:\/\/x.com\/SnailSploit)\\n    \\n    \\u003e *Same attack. Different substrate.*\\n    \\n    \\u003c!&#8211; snailsploit-backlink:end &#8211;\\u003e&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/packetstorm.news\/download\/220609&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:5.3,&#8221;severity&#8221;:&#8221;MEDIUM&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/packetstorm.news\/files\/id\/220609\/&#8221;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2026-05-08T18:03:35&#8243;,&#8221;description&#8221;:&#8221;The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,22,12,21,13,53,7,11,5],"class_list":["post-52568","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=52568\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2026-05-08T18:03:35&#8243;,&#8221;description&#8221;:&#8221;The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=52568\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-08T13:40:36+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609\",\"datePublished\":\"2026-05-08T13:40:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568\"},\"wordCount\":1140,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52568#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568\",\"name\":\"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-08T13:40:36+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=52568\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=52568#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=52568","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2026-05-08T18:03:35&#8243;,&#8221;description&#8221;:&#8221;The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action...","og_url":"https:\/\/zero.redgem.net\/?p=52568","og_site_name":"zero redgem","article_published_time":"2026-05-08T13:40:36+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=52568#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=52568"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609","datePublished":"2026-05-08T13:40:36+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=52568"},"wordCount":1140,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=52568#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=52568","url":"https:\/\/zero.redgem.net\/?p=52568","name":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-08T13:40:36+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=52568#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=52568"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=52568#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 WordPress Chart 3.5.9 Missing Authentication_PACKETSTORM:220609"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=52568"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/52568\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=52568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=52568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=52568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}