Summary
This host has the WordPress Mobile Pack plugin installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and read password-protected posts containing valuable information.
Impact Level: Application
Solution
Upgrade to version 2.0.2 or later.
For updates, refer to http://wordpress.org/plugins/wordpress-mobile-pack/
Insight
The flaw is due to an error in the export/content.php script, which does not restrict access to password-protected posts.
Affected
WordPress Mobile Pack plugin version 2.0.1 and earlier.
Detection
Send a crafted HTTP GET request and check whether it is possible to read the password-protected posts.
Severity
Classification
- CVE: CVE-2014-5337
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N