CVE-2014-4941

NUCLEI

WordPress wp-cross-rss <1.7 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2014-4941 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

Nuclei Templates (1)

Cross RSS 1.7 - Local File Inclusion

MEDIUMVERIFIEDby DhiyaneshDK

References (1)

Core 1

Core References

Exploit x_refsource_misc

http://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/

Scores

EPSS 0.0070

EPSS Percentile 72.7%

Details

CWE

CWE-22

Status published

Products (1)

cross-rss_plugin_project/wp-cross-rss 1.7

Published Jul 11, 2014

Tracked Since Feb 18, 2026