2 matches found
Cross RSS 1.7 - Local File Inclusion
Absolute path traversal vulnerability in Cross-RSS wp-cross-rss plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php. id: CVE-2014-4941 info: name: Cross RSS 1.7 - Local File Inclusion author: DhiyaneshDK severity: medium...
CVE-2014-4941
Cross-RSS for WordPress (plugin 1.7) is affected by an Absolute Path Traversal via the rss parameter to proxy.php, enabling reading arbitrary server files. Root cause: local file inclusion in the plugin’s handling of the rss input. Impact: potential exposure of sensitive files on the server. Reme...