Vulnerability Description
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress Mobile Pack Project | Wordpress Mobile Pack | <= 2.0.1 |
| Wpmobilepack | Wordpress Mobile Pack | 1.0.8223 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/60584
- http://wordpress.org/plugins/wordpress-mobile-pack/changelog/Patch
- http://www.securityfocus.com/bid/69292
- https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordExploit
- http://secunia.com/advisories/60584
- http://wordpress.org/plugins/wordpress-mobile-pack/changelog/Patch
- http://www.securityfocus.com/bid/69292
- https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordExploit
FAQ
What is CVE-2014-5337?
CVE-2014-5337 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportar...
How severe is CVE-2014-5337?
CVE-2014-5337 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-5337?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Mobile Pack Project Wordpress Mobile Pack, Wpmobilepack Wordpress Mobile Pack.