CVE-2014-5337

WordPress Mobile Pack < 2.0.2 - Unauthenticated Information Disclosure via Export Articles Action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-5337. PoCs published by Nitin Venkatesh, including Metasploit module auxiliary/scanner/http/wp_mobile_pack_info_disclosure.

AI-analyzed exploit summary This Metasploit module exploits an information disclosure vulnerability in the WordPress Mobile Pack plugin (version 2.1.2) by sending a crafted GET request to retrieve sensitive file contents. The exploit leverages a JSON response to extract and store the disclosed information.

Description

The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php.

Exploits (1)

metasploit WORKING POC

by Nitin Venkatesh · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wp_mobile_pack_info_disclosure.rb

View Code ZIP pw:eip

This Metasploit module exploits an information disclosure vulnerability in the WordPress Mobile Pack plugin (version 2.1.2) by sending a crafted GET request to retrieve sensitive file contents. The exploit leverages a JSON response to extract and store the disclosed information.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: WordPress Mobile Pack plugin version 2.1.2

No auth needed

Prerequisites: Target must have the vulnerable WordPress Mobile Pack plugin installed and accessible

MITRE ATT&CK

T1083 - File and Directory Discovery T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch x_refsource_confirm

http://wordpress.org/plugins/wordpress-mobile-pack/changelog/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/69292

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60584

Exploit x_refsource_misc

https://security.dxw.com/advisories/information-disclosure-vulnerability-in-wordpress-mobile-pack-allows-anybody-to-read-password-protected-posts/

Scores

EPSS 0.1699

EPSS Percentile 96.7%

Details

CWE

CWE-264

Status published

Products (14)

wordpress_mobile_pack_project/wordpress_mobile_pack 1.2.0 (3 CPE variants)

wordpress_mobile_pack_project/wordpress_mobile_pack < 2.0.1

wpmobilepack/wordpress_mobile_pack 1.0.8223

wpmobilepack/wordpress_mobile_pack 1.1.1

wpmobilepack/wordpress_mobile_pack 1.1.2

wpmobilepack/wordpress_mobile_pack 1.1.3

wpmobilepack/wordpress_mobile_pack 1.1.9

wpmobilepack/wordpress_mobile_pack 1.1.91

wpmobilepack/wordpress_mobile_pack 1.1.92

wpmobilepack/wordpress_mobile_pack 1.2.1

... and 4 more

Published Aug 29, 2014

Tracked Since Feb 18, 2026