ThreatPress

WordPress Vulnerabilities Database

WordPress jRSS Widget Plugin <= 1.2 - SSRF

Product
jRSS Widget
Description
The vulnerability is in proxy.php. It allows attackers to trigger outbound requests and enumerate open ports via the "URL" parameter.
Solution
Update the plugin.
Classification
Type: Server Side Request Forgery (SSRF)
References
CVE Mitre
CVE
Name: CVE-2014-9292
Versions
Affected In: <= 1.2
Fixed In: 1.3
Disclosure date
2014-12-05
Credits
Prajal Kulkarni