CVE-2015-9269

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Mobile Pack
Vendor: CVE Published:; 1 October 2018

Summary

The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.

References

https://www.openwall.com/lists/oss-security/2015/07/19/1

x_refsource_MISC

https://seclists.org/fulldisclosure/2015/Jul/97

x_refsource_MISC

https://wordpress.org/plugins/wordpress-mobile-pack/#deve...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 1, 2018
Vulnerability Reserved
Oct 1, 2018