PT-2014-8924 · WordPress · Jrss Widget Plugin
Prajalkulkarni
Published 2014-12-05 · Updated 2014-12-08
CVE-2014-9292
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
jRSS Widget plugin version 1.2 and earlier for WordPress
Description
A server-side request forgery (SSRF) issue allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter.
Recommendations
For jRSS Widget plugin version 1.2 and earlier, update to a version later than 1.2 to resolve the issue. As a temporary workaround, consider restricting access to the proxy.php file to minimize the risk of exploitation. Avoid using the url parameter in the affected plugin until the issue is resolved.
Affected products
Jrss Widget Plugin