Vulnerabilites related to wpmobilepack - wordpress_mobile_pack
CVE-2014-5337 (GCVE-0-2014-5337)
Vulnerability from cvelistv5
Published
2014-08-29 14:00
Modified
2024-08-06 11:41
Severity ?
CWE
  • n/a
Summary
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
References
http://wordpress.org/plugins/wordpress-mobile-pack/changelog/x_refsource_CONFIRM
http://www.securityfocus.com/bid/69292vdb-entry, x_refsource_BID
http://secunia.com/advisories/60584third-party-advisory, x_refsource_SECUNIA
https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:41:48.689Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/"
          },
          {
            "name": "69292",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69292"
          },
          {
            "name": "60584",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60584"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-08-29T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/"
        },
        {
          "name": "69292",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69292"
        },
        {
          "name": "60584",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60584"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/",
              "refsource": "CONFIRM",
              "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/"
            },
            {
              "name": "69292",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69292"
            },
            {
              "name": "60584",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60584"
            },
            {
              "name": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/",
              "refsource": "MISC",
              "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5337",
    "datePublished": "2014-08-29T14:00:00",
    "dateReserved": "2014-08-18T00:00:00",
    "dateUpdated": "2024-08-06T11:41:48.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-9269 (GCVE-0-2015-9269)
Vulnerability from cvelistv5
Published
2018-10-01 23:00
Modified
2024-08-06 08:43
Severity ?
CWE
  • n/a
Summary
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.
References
https://www.openwall.com/lists/oss-security/2015/07/19/1x_refsource_MISC
https://seclists.org/fulldisclosure/2015/Jul/97x_refsource_MISC
https://wordpress.org/plugins/wordpress-mobile-pack/#developersx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:43:42.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2015/07/19/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://seclists.org/fulldisclosure/2015/Jul/97"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-01T23:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2015/07/19/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://seclists.org/fulldisclosure/2015/Jul/97"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-9269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2015/07/19/1",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2015/07/19/1"
            },
            {
              "name": "https://seclists.org/fulldisclosure/2015/Jul/97",
              "refsource": "MISC",
              "url": "https://seclists.org/fulldisclosure/2015/Jul/97"
            },
            {
              "name": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers",
              "refsource": "MISC",
              "url": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-9269",
    "datePublished": "2018-10-01T23:00:00",
    "dateReserved": "2018-10-01T00:00:00",
    "dateUpdated": "2024-08-06T08:43:42.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37391 (GCVE-0-2023-37391)
Vulnerability from cvelistv5
Published
2023-07-11 09:45
Modified
2025-02-19 21:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CWE
  • CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.
References
https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cvevdb-entry
Impacted products
Vendor Product Version
WPMobilePack.com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps Version: n/a   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:09:34.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37391",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T20:47:58.976757Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T21:28:25.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "wordpress-mobile-pack",
          "product": "WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps \u0026 Hybrid Mobile Apps",
          "vendor": "WPMobilePack.com",
          "versions": [
            {
              "lessThanOrEqual": "3.4.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "LEE SE HYOUNG (Patchstack Alliance)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps \u0026amp; Hybrid Mobile Apps plugin \u0026lt;=\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;3.4.1 versions.\u003c/span\u003e"
            }
          ],
          "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps \u0026 Hybrid Mobile Apps plugin \u003c=\u00a03.4.1 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-62",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-62 Cross Site Request Forgery"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:45:07.141Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress WordPress Mobile Pack Plugin \u003c= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2023-37391",
    "datePublished": "2023-07-11T09:45:07.141Z",
    "dateReserved": "2023-07-05T11:22:04.823Z",
    "dateUpdated": "2025-02-19T21:28:25.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-07-11 10:15
Modified
2024-11-21 08:11
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.
References
audit@patchstack.comhttps://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cveThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cveThird Party Advisory
Impacted products
Vendor Product Version
wpmobilepack wordpress_mobile_pack *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "6DAF0718-CD4E-498C-AE09-F6C7F225083F",
              "versionEndIncluding": "3.4.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack \u2013 Mobile Plugin for Progressive Web Apps \u0026 Hybrid Mobile Apps plugin \u003c=\u00a03.4.1 versions."
    }
  ],
  "id": "CVE-2023-37391",
  "lastModified": "2024-11-21T08:11:38.040",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "audit@patchstack.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-11T10:15:11.947",
  "references": [
    {
      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://patchstack.com/database/vulnerability/wordpress-mobile-pack/wordpress-wordpress-mobile-pack-plugin-3-4-1-broken-access-control-vulnerability?_s_id=cve"
    }
  ],
  "sourceIdentifier": "audit@patchstack.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "audit@patchstack.com",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-08-29 13:55
Modified
2025-04-12 10:46
Severity ?
Summary
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.
References
cve@mitre.orghttp://secunia.com/advisories/60584
cve@mitre.orghttp://wordpress.org/plugins/wordpress-mobile-pack/changelog/Patch
cve@mitre.orghttp://www.securityfocus.com/bid/69292
cve@mitre.orghttps://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60584
af854a3a-2127-422b-91ae-364da2661108http://wordpress.org/plugins/wordpress-mobile-pack/changelog/Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/69292
af854a3a-2127-422b-91ae-364da2661108https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/Exploit
Impacted products
Vendor Product Version
wordpress_mobile_pack_project wordpress_mobile_pack *
wordpress_mobile_pack_project wordpress_mobile_pack 1.2.0
wordpress_mobile_pack_project wordpress_mobile_pack 1.2.0
wordpress_mobile_pack_project wordpress_mobile_pack 1.2.0
wpmobilepack wordpress_mobile_pack 1.0.8223
wpmobilepack wordpress_mobile_pack 1.1.1
wpmobilepack wordpress_mobile_pack 1.1.2
wpmobilepack wordpress_mobile_pack 1.1.3
wpmobilepack wordpress_mobile_pack 1.1.9
wpmobilepack wordpress_mobile_pack 1.1.91
wpmobilepack wordpress_mobile_pack 1.1.92
wpmobilepack wordpress_mobile_pack 1.2.1
wpmobilepack wordpress_mobile_pack 1.2.3
wpmobilepack wordpress_mobile_pack 1.2.4
wpmobilepack wordpress_mobile_pack 1.2.5
wpmobilepack wordpress_mobile_pack 2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "F147661F-7D08-4231-8229-B4273D67C958",
              "versionEndIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EF6C3461-6D06-41C2-B7CB-8A15E77F1F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:b:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FA2446E1-1FE5-4EE5-BE90-A2230F0772C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress_mobile_pack_project:wordpress_mobile_pack:1.2.0:b2:*:*:*:wordpress:*:*",
              "matchCriteriaId": "276E1165-2B5A-48C9-B531-6B5234218037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.0.8223:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FB60A4D2-A776-42A6-8AE6-788D8D0DA8EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "5907D0D5-D160-4AE9-8DBD-0D48ECF06FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.2:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FE9DD3FC-F06B-4B46-A1D8-83A6447919A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "4ADFFC5D-9C60-40D7-B3A7-E19B52262227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.9:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "92964F06-6BD9-4C99-84B4-82DD621D3875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.91:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "518DDAA6-0C6E-473F-BDC7-F7B3DC18F2D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.1.92:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "FB8A85F7-388A-477E-930B-4F2C1756BF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.1:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "1651AC7B-4ECA-4F26-85FB-0B1EE4C1FDF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.3:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "75A8B3EC-E9AC-4765-9B66-ECE7987C0C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.4:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "AE63A1AE-BE24-49D1-B72E-2780E4111F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:1.2.5:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "47D24AAA-CC3D-4611-91DD-A7680303EFF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:2.0:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "EAD0E689-0205-4C2B-AC4D-22BE96AA03CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php."
    },
    {
      "lang": "es",
      "value": "El plugin WordPress Mobile Pack anterior a 2.0.2 para WordPress no restringe debidamente el acceso a los puesto protegidos por contrase\u00f1a, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una acci\u00f3n exportarticles en export/content.php."
    }
  ],
  "id": "CVE-2014-5337",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-29T13:55:05.410",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/60584"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/69292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://wordpress.org/plugins/wordpress-mobile-pack/changelog/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-01 23:29
Modified
2024-11-21 02:40
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.
References
cve@mitre.orghttps://seclists.org/fulldisclosure/2015/Jul/97Exploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://wordpress.org/plugins/wordpress-mobile-pack/#developersRelease Notes, Third Party Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2015/07/19/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/fulldisclosure/2015/Jul/97Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://wordpress.org/plugins/wordpress-mobile-pack/#developersRelease Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2015/07/19/1Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
wpmobilepack wordpress_mobile_pack *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wpmobilepack:wordpress_mobile_pack:*:*:*:*:*:wordpress:*:*",
              "matchCriteriaId": "B189C5C5-96A0-4450-AD22-AF82B1EF686C",
              "versionEndExcluding": "2.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica exportarticle en export/content.php en el plugin wordpress-mobile-pack en versiones anteriores a la 2.1.3 2015-06-03 para WordPress permite que atacantes remotos obtengan informaci\u00f3n sensible debido a que el contenido de una publicaci\u00f3n publicada de forma privada se env\u00eda en formato JSON."
    }
  ],
  "id": "CVE-2015-9269",
  "lastModified": "2024-11-21T02:40:12.907",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-01T23:29:00.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jul/97"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2015/07/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/fulldisclosure/2015/Jul/97"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://wordpress.org/plugins/wordpress-mobile-pack/#developers"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2015/07/19/1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}