Vulnerability Details : CVE-2014-5337
Public exploit exists!
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
Exploit prediction scoring system (EPSS) score for CVE-2014-5337
Probability of exploitation activity in the next 30 days: 2.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2014-5337
-
WordPress Mobile Pack Information Disclosure Vulnerability
First seen: 2020-04-26auxiliary/scanner/http/wp_mobile_pack_info_disclosureThis module exploits an information disclosure vulnerability in WordPress Plugin "WP Mobile Pack" version 2.1.2, allowing to read files with privileges information. Authors: - Nitin Venkatesh - Roberto Soares Espreto <robertoespreto@gmail.com>
CVSS scores for CVE-2014-5337
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-5337
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5337
-
https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts – dxw advisoriesExploit
-
http://www.securityfocus.com/bid/69292
WordPress Mobile Pack Plugin 'content.php' Information Disclosure Vulnerability
-
http://wordpress.org/plugins/wordpress-mobile-pack/changelog/
WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps – WordPress plugin | WordPress.orgPatch
Products affected by CVE-2014-5337
- Wordpress Mobile Pack Project » Wordpress Mobile Pack » For WordpressVersions up to, including, (<=) 2.0.1cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:b2:*:*:*:wordpress:*:*
- cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:b:*:*:*:wordpress:*:*
- cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.92:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.91:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:2.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.0.8223:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.9:*:*:*:*:wordpress:*:*
- cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.2:*:*:*:*:wordpress:*:*