CVE-2017-5487

This PoC exploits CVE-2017-5487, a WordPress REST API user enumeration vulnerability, by querying the /wp-json/wp/v2/users/ endpoint to disclose sensitive user information. It supports both single URL and bulk file-based scanning with multi-threading.

This PoC exploits CVE-2017-5487, a vulnerability in WordPress REST API that allows unauthorized post editing. The script interacts with the WordPress REST API to enumerate users, posts, and edit posts without proper authentication.

This repository contains a Python script that scans for CVE-2017-5487, a WordPress REST API information disclosure vulnerability. It queries the `/wp-json/wp/v2/users/` endpoint to retrieve user data without authentication.

This repository contains a Python script that exploits CVE-2017-5487, a WordPress REST API vulnerability allowing username enumeration in versions < 4.7.1. The script sends requests to the vulnerable endpoint and parses the JSON response to list user IDs, names, and usernames.

This repository contains a Python script that enumerates WordPress usernames via the REST API vulnerability (CVE-2017-5487) affecting WordPress versions < 4.7.1. It sends HTTP requests to the vulnerable endpoint and parses JSON responses to extract user details.

This is a Python-based scanner for CVE-2017-5487, which exploits a WordPress REST API information disclosure vulnerability. It queries the `/wp-json/wp/v2/users/` endpoint to retrieve user data without authentication.

This PoC exploits CVE-2017-5487, a WordPress REST API vulnerability that leaks user information. It iterates through user IDs to retrieve usernames via unauthenticated API endpoints.

This repository contains two PowerShell scripts that exploit CVE-2017-5487, a WordPress REST API user enumeration vulnerability. The scripts query the `/wp/v2/users` endpoint (and an alternative route for WAF bypass) to retrieve user data, including usernames, IDs, and metadata.

This repository contains a detailed writeup in Korean explaining CVE-2017-5487, a WordPress REST API information disclosure vulnerability affecting versions prior to 4.7.1. It includes background on REST APIs, exploitation steps, and a simple PHP script to fetch user data via the vulnerable endpoint.

This script scans LeakIX for WordPress instances vulnerable to CVE-2017-5487 (REST API user enumeration) and extracts user credentials. It does not exploit the vulnerability but automates discovery of exposed endpoints.

The repository contains functional exploit code for CVE-2017-5487, an information disclosure vulnerability in WordPress versions 4.7.0 and earlier. The exploit sends a GET request to the /wp-json/wp/v2/users endpoint to retrieve user details without proper access controls.

This script queries the WordPress REST API endpoint to enumerate user information. It does not exploit a vulnerability but scans for exposed user data via the API.