Description
WordPress Plugin jRSS Widget is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin jRSS Widget version 1.1.1 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 1.2 or latest
References
Related Vulnerabilities
WordPress Plugin AW WordPress Yearly Category Archives Unspecified Vulnerability (1.2.1)
WordPress Plugin Media Tagz Gallery Multiple Unspecified Vulnerabilities (1.0)
WordPress 3.7.x Cross-Domain Flash Injection Vulnerability (3.7 - 3.7.24)
math.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1001002)