WordPress Plugin Vulnerabilities

amCharts: Charts and Maps < 1.4.5 - Reflected Cross-Site Scripting via Cross-Site Request Forgery

Description

The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce validation on the preview functionality. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Affects Plugins

Plugin icon
amcharts-charts-and-maps
Fixed in 1.4.5

References

CVE
CVE-2024-8622
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3593e8-3840-4db0-8269-61bbcb50d569

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Verified
No
WPVDB ID
61b7af70-123b-49c5-9ada-44e6523ca3b4

Timeline

Publicly Published
2024-09-11 (about 1 year ago)
Added
2024-09-11 (about 1 year ago)
Last Updated
2024-09-12 (about 1 year ago)

Other

Published
Title
Published
2025-11-12
Title
Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode
Published
2024-07-10
Title
AdPush <= 1.50 - Reflected Cross-Site Scripting
Published
2021-10-20
Title
Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting
Published
2025-01-07
Title
Powerful Auto Chat <= 1.9.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2024-06-27
Title
Social Rocket < 1.3.4 - Reflected Cross-Site Scripting