MidnightBSD

Advisories for wpmobilepack

CVE-2014-5337 MEDIUM

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
wpmobilepack wordpress_mobile_pack 1.1.2
wpmobilepack wordpress_mobile_pack 1.1.3
wpmobilepack wordpress_mobile_pack 1.2.4
wordpress_mobile_pack_project wordpress_mobile_pack 1.2.0
wpmobilepack wordpress_mobile_pack 1.1.1
wpmobilepack wordpress_mobile_pack 1.1.91
wpmobilepack wordpress_mobile_pack 2.0
wpmobilepack wordpress_mobile_pack 1.2.5
wordpress_mobile_pack_project wordpress_mobile_pack *
wpmobilepack wordpress_mobile_pack 1.1.92
wpmobilepack wordpress_mobile_pack 1.2.3
wpmobilepack wordpress_mobile_pack 1.2.1
wpmobilepack wordpress_mobile_pack 1.0.8223
wpmobilepack wordpress_mobile_pack 1.1.9
CVE-2015-9269 MEDIUM

The export/content.php exportarticle feature in the wordpress-mobile-pack plugin before 2.1.3 2015-06-03 for WordPress allows remote attackers to obtain sensitive information because the content of a privately published post is sent in JSON format.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
wpmobilepack wordpress_mobile_pack *
CVE-2023-37391

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
audit@patchstack.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L 2.8 2.5

Products Affected

Vendor Product Version
wpmobilepack wordpress_mobile_pack *