Description

WordPress Plugin Tera Charts is prone to multiple local file inclusion vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Tera Charts version 0.1 is vulnerable.

Remediation

Update to plugin version 1.0 or latest

References

https://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/

http://www.securityfocus.com/bid/68662/exploit

Related Vulnerabilities

WordPress Plugin Super Store Finder for WordPress (Google Maps Store Locator) Arbitrary File Upload (6.1)

WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.1.3)

WordPress Plugin Facebook Button by BestWebSoft Cross-Site Request Forgery (2.13)

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)

PHP Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2017-11144)

Severity

High

Classification

CVE-2014-4940 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update File Inclusion