CVE-2014-4941
Published: 2014-07-11
Priority P433 | medium | 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 4.31% (89.9th percentile)
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cross-rss_plugin_project | wp-cross-rss | — | — |
No detection rules found.
Nuclei
Cross RSS 1.7 - Local File Inclusion
nuclei·CVSS 5.0
CVE-2014-4941 [MEDIUM] Cross RSS 1.7 - Local File Inclusion
Template:
```yaml
id: CVE-2014-4941

info:
  name: Cross RSS 1.7 - Local File Inclusion
  author: DhiyaneshDK
  severity: medium
  description: |
    Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
  impact: |
    Attackers can read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Update to the latest version of the plugin that addresses this vulnerability.
  reference:
    - https://wordpress.org/plugins/cr
```
No writeups or analysis indexed.
Published: 2014-07-11