CVE-2017-5487
Published: 2017-01-15
Title: CVE-2017-5487: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict…
Priority: P352 · medium · CVSS 3.0 score 5.3
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 87.30% (99.7th percentile)
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 4.7.1+dfsg-1 (bookworm) | wordpress 4.7.1+dfsg-1 (bookworm) |
| wordpress | wordpress | <= 4.7 | — |
| wordpress | wordpress | >= 0 < 4.7.1+dfsg-1 | 4.7.1+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.7.1+dfsg-1 | 4.7.1+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.7.1+dfsg-1 | 4.7.1+dfsg-1 |
| wordpress | wordpress | >= 0 < 4.7.1+dfsg-1 | 4.7.1+dfsg-1 |
Detection & IOCs
- Monitor for unauthenticated GET requests to the WordPress REST API endpoint /wp-json/wp/v2/users, which enumerates post authors and exposes sensitive user information.
- Vulnerability is present in WordPress 4.7 before 4.7.1; the fix is included in version 4.7.1+dfsg-1 on Debian-based systems.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 5.3 | MEDIUM | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
GHSA
GHSA-94q7-f538-38mf: wp-includes/rest-api/endpoints/class-wp-rest-users-controller
Source: ghsa_unreviewed · 2022-05-17 · CVE-2017-5487 [MEDIUM] · CWE-200
OSV
CVE-2017-5487: wp-includes/rest-api/endpoints/class-wp-rest-users-controller
Source: osv · 2017-01-15 · CVSS 5.3 · CVE-2017-5487 [MEDIUM]
Debian
CVE-2017-5487: wordpress - wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST AP...
Source: vendor_debian · 2017 · CVSS 5.3 · CVE-2017-5487 [MEDIUM]
Scope: local
- bookworm: resolved (fixed in 4.7.1+dfsg-1)
- bullseye: resolved (fixed in 4.7.1+dfsg-1)
- forky: resolved (fixed in 4.7.1+dfsg-1)
- sid: resolved (fixed in 4.7.1+dfsg-1)
- trixie: resolved (fixed in 4.7.1+dfsg-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.openwall.com/lists/oss-security/2017/01/14/6
- http://www.securityfocus.com/bid/95391
- http://www.securitytracker.com/id/1037591
- https://codex.wordpress.org/Version_4.7.1
- https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
- https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- https://wpvulndb.com/vulnerabilities/8715
- https://www.exploit-db.com/exploits/41497/
- https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/