CVE-2014-9292

Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/	Exploit
http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:jrss_widget_project:jrss_widget:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:20

Type	Values Removed	Values Added
References	~~() http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/ - Exploit~~	() http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/ - Exploit

Information

Published : 2014-12-05 22:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-9292

Mitre link : CVE-2014-9292

CVE.ORG link : CVE-2014-9292

JSON object : View

Products Affected

jrss_widget_project

jrss_widget

CWE

NVD-CWE-Other

5.8 /10