WordPress Plugin jRSS Widget Server-Side Request Forgery - CVE-2014-9292 - Vulnerability Database

WordPress Plugin jRSS Widget Server-Side Request Forgery - CVE-2014-9292

Critical
Reference: CVE-2014-9292
Title: WordPress Plugin jRSS Widget Server-Side Request Forgery
Overview:

WordPress Plugin jRSS Widget is prone to a server-side request forgery vulnerability. An attacker may leverage this issue to make the vulnerable server perform port scanning of hosts in internal or external networks other attacks are also possible. WordPress Plugin jRSS Widget version 1.2 is vulnerable prior versions may also be affected.