Information Disclosure Vulnerability in WordPress Mobile Pack Plugin
CVE-2014-5337

Currently unrated

Key Information:

Vendor: Wordpress
Status: WordPress Mobile Pack
Vendor: CVE Published:; 29 August 2014

Summary

The WordPress Mobile Pack plugin prior to version 2.0.2 contains a significant flaw that fails to adequately restrict access to password-protected posts. This loophole can be exploited by remote attackers, allowing them to access sensitive information through the export/articles action in the export/content.php file. As a result, unauthorized users could read content that should remain private, posing a serious threat to data security.

References

http://wordpress.org/plugins/wordpress-mobile-pack/change...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/69292

vdb-entryx_refsource_BID

http://secunia.com/advisories/60584

third-party-advisoryx_refsource_SECUNIA

EPSS Score

52% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 29, 2014
Vulnerability Reserved
Aug 18, 2014