Directory Traversal Vulnerabilities in Tera Charts Plugin for WordPress
CVE-2014-4940

Currently unrated

Key Information:

Vendor: Wordpress
Status: Tera-charts
Vendor: CVE Published:; 11 July 2014

What is CVE-2014-4940?

The Tera Charts plugin for WordPress version 0.1 has multiple directory traversal vulnerabilities that can lead to unauthorized file access. By manipulating the 'fn' parameter in requests made to 'charts/treemap.php' or 'charts/zoomabletreemap.php', attackers can perform directory traversal techniques to read arbitrary files on the server. This vulnerability allows the exposure of sensitive information stored on the system, making it crucial for users to apply the necessary updates and mitigate potential risks.

References

http://codevigilant.com/disclosure/wp-plugin-tera-chart-l...

x_refsource_MISC

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

x_refsource_CONFIRM

EPSS Score

57% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 11, 2014

Wordpress

What is CVE-2014-4940?

References

EPSS Score

Timeline