CVE-2017-6514
MEDIUM
WordPress 4.7.2 - Path Disclosure via OEmbed Endpoint
Title source: llm
Description
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
References (3)
Core References
Broken Link x_refsource_misc
https://github.com/CFSECURITE/wordpress
Third Party Advisory x_refsource_misc
https://web.archive.org/web/20180612235401/https://github.com/CFSECURITE/wordpress
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108459
Scores
CVSS v3
5.3
EPSS
0.0138
EPSS Percentile
80.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
wordpress/wordpress
4.7.2
Published
May 22, 2019
Tracked Since
Feb 18, 2026