WordPress Cross References Plugin <= 1.7 - Local File Inclusion
- Product
- Cross References
- Description
- Because of this vulnerability, the attackers can read arbitrary files via a full pathname in the "rss" parameter to proxy.php.
- Solution
- Update the plugin.
- Classification
-
Type Local File Inclusion
- References
-
CVE Mitre
- CVE
- Name CVE-2014-4941
- Versions
-
Affected In
<= 1.7
Fixed In 1.8 - Disclosure date
- 2014-07-11
- Credits
- Anant Shrivastava