What is CVE-2014-5337?

CVE-2014-5337 is a vulnerability in Wordpress_mobile_pack_project Wordpress_mobile_pack, classified under CWE-264. Published 2014-08-29.

Is CVE-2014-5337 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wordpress_mobile_pack_project Wordpress_mobile_pack

CVE-2014-5337

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.

EPSS: 0.528 (98.0th percentile) — read the EPSS interpretation.

Affected products

Wordpress_mobile_pack_project Wordpress_mobile_pack — versions 1.2.0
Wpmobilepack Wordpress_mobile_pack — versions 1.0.8223, 1.1.1, 1.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
69292 (vdb-entry, x_refsource_BID)
60584 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2014-5337?: CVE-2014-5337 is a vulnerability in Wordpress_mobile_pack_project Wordpress_mobile_pack, classified under CWE-264. Published 2014-08-29.
Is CVE-2014-5337 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.