Directory Traversal Vulnerabilities in Tera Charts Plugin for WordPress
CVE-2014-4940

Currently unrated

Key Information:

Vendor: Wordpress
Status: Tera-charts
Vendor: CVE Published:; 11 July 2014

Summary

The Tera Charts plugin for WordPress version 0.1 has multiple directory traversal vulnerabilities that can lead to unauthorized file access. By manipulating the 'fn' parameter in requests made to 'charts/treemap.php' or 'charts/zoomabletreemap.php', attackers can perform directory traversal techniques to read arbitrary files on the server. This vulnerability allows the exposure of sensitive information stored on the system, making it crucial for users to apply the necessary updates and mitigate potential risks.

References

http://codevigilant.com/disclosure/wp-plugin-tera-chart-l...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_CONFIRM

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 11, 2014