PT-2022-16459 · WordPress · Rough Chart Wordpress Plugin
Siddhant Suresh Ughade · Published 2022-08-08 · Updated 2022-08-11 · CVE-2022-2409
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rough Chart WordPress plugin versions through 1.0.0
Description
The Rough Chart WordPress plugin does not properly escape chart data labels. This could allow high-privilege users to perform Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed.
Recommendations
For Rough Chart WordPress plugin versions through 1.0.0, update to a version that properly escapes chart data labels to prevent Cross-Site Scripting attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Rough Chart Wordpress Plugin