ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Cross References Plugin <= 1.7 - Local File Inclusion

Product
Cross References
Description
Because of this vulnerability, the attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2014-4941
Versions
Affected In <= 1.7
Fixed In 1.8
Disclosure date
2014-07-11
Credits
Anant Shrivastava