CVE-2020-13700
Published 2020-06-24
Priority: P2 · 60 · high | CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 12.96% (95.8th percentile)
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acf_to_rest_api_project | acf_to_rest_api | <= 3.1.0 | — |
| airesvsg | acf-to-rest-api | 0 – 3.1.0 | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring GET requests to the /wp-json/acf/v3/options/ endpoint, which can expose sensitive wp_options table data including credentials.
- A successful exploit response will return HTTP 200 with Content-Type: application/json and the string 'acf-to-rest-api/class-acf-to-rest-api.php' in the body.
- The vulnerability is an insecure direct object reference (IDOR/CWE-639) exploitable via permalink manipulation in the acf-to-rest-api WordPress plugin through version 3.1.0, requiring no authentication (CVSS PR:N).
- The PoC probe uses specific query parameters (?id=active&field=plugins), but the vulnerability applies broadly to the /wp-json/acf/v3/options/ endpoint; other parameter combinations may also expose sensitive data.
CVSS provenance
- NVD, CVSS v3.1: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
- NVD, CVSS v2.0: 5.0 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:N)
GHSA (2022-05-24)
CVE-2020-13700 [HIGH] CWE-200: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a `wp-json/acf/v3/options/` request that reads sensitive information in the `wp_options` table, such as the login and pass values.
OSV (2022-05-24)
CVE-2020-13700 [HIGH]: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a `wp-json/acf/v3/options/` request that reads sensitive information in the `wp_options` table, such as the login and pass values.
No detection rules found.
Nuclei (CVSS 7.5)
CVE-2020-13700 [HIGH]: WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
WordPress acf-to-rest-api 3.1.0 or apply the latest security patches.
```yaml
  reference:
    - https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
    - https://wordpress.org/plugins/acf-to-rest-api/#developers
    - https://github.com/airesvsg/acf-to-rest-api
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13700
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-13700
    cwe-id: CWE-639
    epss-score: 0.90208
    epss-percentile: 0.99592
    cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: acf_to_rest_api_project
    product: acf_to_rest_api
    framework: wordpress
  tags: cve,cve2020,wordpress,plugin,acf_to_rest_api_project,vuln

http:
  - method: GET
    path:
```
No writeups or analysis indexed.
References:
- https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
- https://github.com/airesvsg/acf-to-rest-api
- https://wordpress.org/plugins/acf-to-rest-api/#developers