CVE-2014-9292

EUVD-2014-9117
Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
jrss_widget_projectjrss_widget
𝑥
≤ 1.2
𝑥
= Vulnerable software versions
References
http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/
http://codevigilant.com/disclosure/wp-plugin-jrss-widget-ssrfxspa/