CVE-2025-11171 | SnailSploit

Q: What is the impact of CVE-2025-11171?

CVSS — Pending. The vulnerability class is Missing Auth.

Q: Where can I find authoritative references?

NVD record, MITRE CVE record, and the vendor security advisory.

TL;DR

This vulnerability has been assigned CVE-2025-11171 and is currently pending full publication details from the National Vulnerability Database (NVD). The vulnerability was discovered and responsibly disclosed by Kai Aizen (SnailSploit).

CVE Disclosures →

Status

Description

Full technical details will be published once the vulnerability information is released by NVD and the affected software vendor has had adequate time to patch and notify users.

Timeline

Discovery: Vulnerability discovered during WordPress plugin security assessment
Disclosure: Responsibly disclosed to plugin developer
CVE Assignment: CVE-2025-11171 assigned
Status: Awaiting NVD publication

Updates

This page will be updated with complete technical details, proof of concept, and remediation guidance once the information is publicly available through NVD.

For the most current information, check the official NVD entry or contact [email protected].

References

Discovered by: Kai Aizen (SnailSploit)

CVE-2026-3288 Config Injection in ingress-nginx CVE-2026-1208 CSRF in Friendly Functions for Welcart CVE-2025-11174 Missing Auth in Document Library Lite CVE-2025-9776 SQL Injection in CatFolders CVE-2025-12163 Stored XSS in OmniPress CVE-2025-12030 IDOR in ACF to REST API

@misc{aizen2026cve, author = {Aizen, Kai}, title = {CVE-2025-11171 | Missing Auth in Chartify Plugin}, year = {2026}, url = {https://snailsploit.com/security-research/cves/cve-2025-11171/}, note = {snailsploit.com} }

CVE-2025-11171 — questions & answers

What is CVE-2025-11171?

CVE-2025-11171 is a disclosed vulnerability (Missing Auth) in Chartify Plugin, coordinated through the standard CVE process by independent security researcher Kai Aizen.

Am I affected by CVE-2025-11171?

You are affected if your environment runs an unpatched version of Chartify Plugin. Check the upstream advisory or NVD record for the precise affected version range, then verify against your deployed version.

How do I fix CVE-2025-11171?

Upgrade Chartify Plugin to the version that includes the upstream fix referenced in the NVD record. If an immediate upgrade is not possible, apply the mitigation guidance from the vendor advisory and restrict exposure of the affected surface area.

What is the impact of CVE-2025-11171?

CVSS — · Pending. The vulnerability class is Missing Auth; consult the NVD and vendor advisory for vector details, exploitation prerequisites, and observed impact.

Where can I find authoritative references?

NVD record at https://nvd.nist.gov/vuln/detail/CVE-2025-11171, the MITRE CVE record at https://www.cve.org/CVERecord?id=CVE-2025-11171, and the vendor's security advisory page.