CVE-2014-4941

NUCLEI

WordPress wp-cross-rss <1.7 - Path Traversal

Title source: llm

Description

Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.

Nuclei Templates (1)

Cross RSS 1.7 - Local File Inclusion

MEDIUMVERIFIEDby DhiyaneshDK

References (1)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-cross-rss-local-file-inclusion/

Scores

EPSS 0.0044

EPSS Percentile 63.3%

Details

CWE

CWE-22

Status published

Products (1)

cross-rss_plugin_project/wp-cross-rss 1.7

Published Jul 11, 2014

Tracked Since Feb 18, 2026