WordPress Plugin jRSS Widget 'url' Parameter Directory Traversal (1.1.1)

Description
  • WordPress Plugin jRSS Widget is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin jRSS Widget version 1.1.1 is vulnerable; other versions may also be affected.
Remediation
  • Update to plugin version 1.2 or latest
References