Headline
CVE-2022-36405: WordPress amCharts: Charts and Maps plugin <= 1.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Monitoring Coming soon
PSID
138b6f2f09e2
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-08-09
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress amCharts: Charts and Maps plugin (versions <= 1.4).
Solution
Update the WordPress amCharts: Charts and Maps plugin to the latest available version (at least 1.4.1).
References