WordPress Plugin Vulnerabilities

Tera Charts 0.1 - Unauthenticated Remote Path Traversal File Disclosure

Description

The tera-charts WordPress plugin was affected by an Unauthenticated Remote Path Traversal File Disclosure security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
tera-charts
Fixed in 1.0

References

CVE
CVE-2014-4940
URL
https://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/

Classification

Type
FPD
OWASP top 10
A6: Security Misconfiguration
CWE
CWE-209

Miscellaneous

Original Researcher
Anant Shrivastava
Verified
No
WPVDB ID
eccaa27e-c263-4db4-aedd-5c1ce9fce3fc

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-02-20 (about 6 years ago)

Other

Published
Title
Published
2021-10-05
Title
Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure
Published
2024-11-28
Title
Posti Shipping < 3.10.3 - Full Path Disclosure
Published
2025-02-17
Title
BigBuy Dropshipping Connector for WooCommerce < 2.0.1 - Unauthenticated Full Path Disclosute
Published
2014-08-01
Title
AntiVirus 1.0 - uninstall.php Direct Request Path Disclosure
Published
2014-08-01
Title
JS MultiHotel 2.2.1 - Multiple Script Direct Request Path Disclosure