WordPress Mobile Pack Plugin Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with WordPress Mobile Pack Plugin and is prone to information disclosure vulnerability.

Impact

Successful exploitation will allow attackers to bypass certain security restrictions and read password protected posts containing valuable information. Impact Level: Application

Solution

Upgrade to version 2.0.2 or later, For updates refer to http://wordpress.org/plugins/wordpress-mobile-pack/

Insight

The flaw is due to an error in the export/content.php script which does not restrict access to password protected posts.

Affected

WordPress Mobile Pack plugin version 2.0.1 and earlier.

Detection

Send the crafted HTTP GET request and check is it possible to read the password protected posts.

References

http://packetstormsecurity.com/files/127949
http://wordpress.org/plugins/wordpress-mobile-pack/changelog

Updated on 2017-03-28

Severity

Classification

CVE CVE-2014-5337
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
Apache Continuum Cross Site Scripting Vulnerability
Apache Solr Directory Traversal Vulnerability Jan-14

Take action and discover your vulnerabilities