Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2017011...
MISC: https://www.wordfence....
CONFIRM: https://codex.wordpres...
CONFIRM: https://github.com/Wor...
CONFIRM: https://wordpress.org/...
BID: 95391
MISC: https://wpvulndb.com/v...
SECTRACK: 1037591
EXPLOIT-DB: 41497

Launchpad.net

CVE 2017-5487

Related bugs

References