Reflected XSS Vulnerability in Tera Charts Plugin for WordPress
CVE-2016-1000151

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Tera-charts
Vendor
CVE Published:
10 October 2016

Summary

The Tera Charts plugin for WordPress is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This issue allows attackers to inject malicious scripts that can execute in the context of the user's browser when specific parameters are exploited. Unsuspecting users might click on a specially crafted link, which could lead to unauthorized actions or data theft. Website administrators using this plugin should consider updating to a secure version or mitigating the risk through additional security measures.

References

https://wordpress.org/plugins/tera-charts
x_refsource_MISC
http://www.securityfocus.com/bid/93580
vdb-entryx_refsource_BID
http://www.vapidlabs.com/wp/wp_advisory.php?v=455
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.