Mateus a.k.a Dctor

CVE-2017-5487 NOMISEC MEDIUM WRITEUP

Wordpress < 4.7 - Information Disclosure

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

CVSS 5.3

View Code

CVE-2017-5487 EXPLOITDB MEDIUM php SCANNER

Wordpress < 4.7 - Information Disclosure

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

CVSS 5.3

View Code