CVE-2014-4940

Name of the Vulnerable Software and Affected Versions Tera Charts (tera-charts) plugin version 0.1 for WordPress

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This is achieved by including a .. (dot dot) in the fn parameter to specific API endpoints, such as "charts/treemap.php" or "charts/zoomabletreemap.php".

Recommendations For Tera Charts (tera-charts) plugin version 0.1, as a temporary workaround, consider restricting access to the "charts/treemap.php" and "charts/zoomabletreemap.php" endpoints until a patch is available. Avoid using the fn parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.