Lucene search
HistoryOct 03, 2022 - 4:20 p.m.
CVE-2014-4941
cve-2014-4941
cross-rss
wp-cross-rss
wordpress
vulnerability
path traversal
remote attack
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
82.3%
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
Affected configurations
Node
cross-rss_plugin_projectwp-cross-rssMatch1.7wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| cross-rss_plugin_project:wp-cross-rss | cross-rss plugin project wp-cross-rss | eq | 1.7 |
Related
wpvulndb
wpvulndb
Cross RSS 1.7 - proxy.php rss Parameter Local File Inclusion
2014-08-01 10:59:15
patchstack
patchstack
WordPress Cross References Plugin <= 1.7 - Local File Inclusion
2014-07-11 00:00:00
prion
prion
Path traversal
2014-07-11 20:55:00
cvelist
cvelist
CVE-2014-4941
2022-10-03 16:20:45
nvd
nvd
CVE-2014-4941
2014-07-11 20:55:03
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
7 High
AI Score
Confidence
Low
0.008 Low
EPSS
Percentile
82.3%
Related for CVE-2014-4941