Summary
This host has the WordPress Mobile Pack plugin installed and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow attackers to bypass certain security restrictions and read password-protected posts containing valuable information.
Impact Level: Application
Solution
Upgrade to version 2.0.2 or later.
For updates, refer to http://wordpress.org/plugins/wordpress-mobile-pack/
Insight
The flaw is due to an error in the export/content.php script, which does not restrict access to password-protected posts.
Affected
WordPress Mobile Pack plugin version 2.0.1 and earlier.
Detection
Send a crafted HTTP GET request and check whether it is possible to read the password-protected posts.
References
Severity
Classification
- CVE: CVE-2014-5337
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)