ThreatPress

WordPress Vulnerabilities Database

Back

WordPress jRSS Widget Plugin 1.1.1 - Information Disclosure Vulnerability

Product
jRSS Widget
Description
This jRSS Widget plugin is prone to an information-disclosure vulnerability. Application fails to validate user-supplied data. Because of this issue, an attacker can view local files in the context of the affected application. In that way, the attacker obtains sensitive information. Other attacks are also possible.
Solution
Update the plugin.
Classification
Type Information Disclosure
References
Exploit-DB
CVE
Name CVE-N/A
Versions
Affected In <= 1.1.1
Fixed In 1.1.2
Disclosure date
2010-11-08
Credits
John Leitch