WordPress Cross References Plugin <= 1.7 - Local File Inclusion

Back

WordPress Cross References Plugin <= 1.7 - Local File Inclusion

Product: Cross References
Description: Because of this vulnerability, the attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php.
Solution: Update the plugin.
Classification: Type Local File Inclusion
References: CVE Mitre
CVE: Name CVE-2014-4941
Versions: Affected In <= 1.7
Fixed In 1.8
Disclosure date: 2014-07-11
Credits: Anant Shrivastava