Information Disclosure Vulnerability in WordPress Mobile Pack Plugin
CVE-2014-5337

Currently unrated

Key Information:

Vendor

Wordpress
Status
WordPress Mobile Pack
Vendor
CVE Published:
29 August 2014

What is CVE-2014-5337?

The WordPress Mobile Pack plugin prior to version 2.0.2 contains a significant flaw that fails to adequately restrict access to password-protected posts. This loophole can be exploited by remote attackers, allowing them to access sensitive information through the export/articles action in the export/content.php file. As a result, unauthorized users could read content that should remain private, posing a serious threat to data security.

References

http://wordpress.org/plugins/wordpress-mobile-pack/change...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/69292
vdb-entryx_refsource_BID
http://secunia.com/advisories/60584
third-party-advisoryx_refsource_SECUNIA

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.