Description

WordPress Plugin Tera Charts is prone to multiple local file inclusion vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Tera Charts version 0.1 is vulnerable.

Remediation

Update to plugin version 1.0 or latest

References

https://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/

http://www.securityfocus.com/bid/68662/exploit

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14242)

WordPress Plugin Smush Image Compression and Optimization Multiple Vulnerabilities (2.9.1)

WordPress Plugin Blue Wrench Video Widget Cross-Site Request Forgery (1.0.5)

Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1232)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3952)

Severity

High

Classification

CVE-2014-4940 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update File Inclusion