Vulnerability CVE-2017-5487
Published: 2017-01-14   Modified: 2017-01-15

Description:
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Wordpress >=4.7 wp-json User Enumeration Exploit
Ryan Dewhurst &a...
26.01.2017
Low
WordPress 4.7.1 Username Enumeration
Mateus a.k.a Dct...
04.03.2017

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Wordpress -> Wordpress 

 References:
http://www.openwall.com/lists/oss-security/2017/01/14/6
http://www.securityfocus.com/bid/95391
https://codex.wordpress.org/Version_4.7.1
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
Copyright 2024, cxsecurity.com

 

Back to Top