
CVE-2017-5487

Published: 15/01/2017 Updated: 01/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 506
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 prior to 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
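The listing in the summary is returned to a plain unauthenticated GET, so the most practical defensive control is finding such requests in web server logs. The Python below is an added example (not part of this record or of any project listed on this page) that scans constructed combined-format access-log lines for requests to the users route; the ?rest_route= form is an assumption about how the endpoint is addressed on sites without pretty permalinks.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed combined-format access-log lines (not from any real server).
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jan/2017:10:00:01 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 200 1532 "-" "curl/7.50.1"
203.0.113.10 - - [15/Jan/2017:10:00:02 +0000] "GET /wp-json/wp/v2/users?per_page=100&page=2 HTTP/1.1" 200 2048 "-" "curl/7.50.1"
198.51.100.7 - - [15/Jan/2017:10:00:03 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 1532 "-" "python-requests/2.12"
192.0.2.44 - - [15/Jan/2017:10:00:04 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.44 - - [15/Jan/2017:10:00:05 +0000] "GET /author/admin/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.10 - - [15/Jan/2017:10:00:06 +0000] "GET /wp-json/wp/v2/users/1 HTTP/1.1" 401 120 "-" "curl/7.50.1"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target PROTO", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
USERS_PATH = re.compile(r'^/wp-json/wp/v2/users(?:/|$)')   # pretty-permalink form named in the summary
USERS_ROUTE = re.compile(r'^/wp/v2/users(?:/|$)')          # value of ?rest_route= (assumed fallback form)


def is_users_endpoint(target):
    """True if the request target addresses the wp/v2/users REST route."""
    parts = urlsplit(target)
    if USERS_PATH.match(parts.path):
        return True
    # Assumption: sites without pretty permalinks reach the API via ?rest_route=/wp/v2/...
    return any(USERS_ROUTE.match(r) for r in parse_qs(parts.query).get("rest_route", []))


def find_user_enumeration(log_text):
    """Return one record per request that touched the users route, with its HTTP status."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_users_endpoint(m.group("target")):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "target": m.group("target"), "status": int(m.group("status"))})
    return hits


def disclosed_by_ip(hits):
    """Count per client only the requests that actually returned a listing (HTTP 200)."""
    counts = {}
    for h in hits:
        if h["status"] == 200:
            counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts
```

Requests answered with 401 (the last sample line) are still reported, so the same scan shows whether an unauthenticated-access restriction put in front of the route is taking effect.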

Affected Products

Vendor      Product     Versions
Wordpress   Wordpress   4.7

Vendor Advisories

A vulnerability has been discovered in WordPress exposing user data for all users who had authored a post of a public post type via the REST API. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API ...

Debian Bug report logs - #852767
wordpress: 4.7.2 security release (CVE-2017-5610 CVE-2017-5611 CVE-2017-5612)
Package: src:wordpress; Maintainer for src:wordpress is Craig Small <csmall@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 27 Jan 2017 06:18:01 UTC
Severity: grave
Tags: fixed- ...

Arch Linux Security Advisory ASA-201701-22
==========================================
Severity: High
Date    : 2017-01-15
CVE-ID  : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493
Package : wordpress
Type    : multiple issues
Remote  : Yes
Link    : ...

Exploits

#!/usr/bin/php
<?php
#Author: Mateus aka Dctor
#fb: fb.com/hatbashbr/
#E-mail: dctoralves@protonmail.ch
#Site: mateuslino.tk
header ('Content-type: text/html; charset=UTF-8');
$url= "localhost/";
$payload="wp-json/wp/v2/users/";
$urli = file_get_contents($url.$payload);
$json = json_decode($urli, true);
if($json){ echo "*--- ...

Github Repositories

CVE-2017-5487 POC of CVE-2017-5487 + tool

wpUsersScan
About wpUsersScan: Enumerate the users list of the wordpress websites through the REST API / CVE-2017-5487, WordPress < 4.7.1 - Username Enumeration
Usage: $ python wpUsersScan.py URL
How to install: Clone the repository with:
$ git clone github.com/R3K1NG/wpUsersScan.git
$ cd wpUsersScan
$ python wpUsersScan.py
Dependencies: Install the requir

wpUsersScan
About wpUsersScan: Enumerate the users list of the wordpress websites through the REST API / CVE-2017-5487, WordPress < 4.7.1 - Username Enumeration
Usage: $ python wpUsersScan.py URL
How to install: Clone the repository with:
$ git clone github.com/ihebski/wpUsersScan.git
$ cd wpUsersScan
$ python wpUsersScan.py
Dependencies: Install the requi

Test
|-- cqr
|-- -7ab1fa06cc2b6337.gif
|-- directoryList.md
|-- README.md
|-- 0708
|   |-- README.md
|-- 0709
|   |-- README.md
|   |-- 捕获.PNG
|-- 0710+11
|   |-- copied from others.py
|   |-- README.md
|-- 0712
|   |-- bling_in.py
|   |-- cve-2017-5487.php
|   |-- poc.py
|   |-- README.md
|-- 0713
|

Project 7 - WordPress Pentesting
Time spent: 5 hours spent in total
Objective: Find, analyze, recreate, and document five vulnerabilities affecting an old version of WordPress
Pentesting Report
CVE-2017-1001000
Summary: The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does no

Exploit-Framework
Exploits:
Vendor    Vulnerability    Affected Version   Description                          Author
zblog     NOT_CVE          <=1.5.1            Zblog Authenticated LFI              @Shutdown_r
OpenSNS   NOT_CVE          <=3.3.1            OpenSNS UnAuthenticated GetShell     @90sec
Joomla    CVE-2015-8562    1.5<3.4.5          Joomla Header Unauthenticated RCE    @Andrew McNicol
Codiad    CVE-2017-11366   <=2.8.3            Codiad Authenticated