CVE-2020-13700
published 2020-06-24


Priority: P2 (60, high)
CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: yes
EPSS: 12.96% (95.8th percentile)
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

Affected (2 ranges)

Vendor                  | Product          | Version range | Fixed in
acf_to_rest_api_project | acf_to_rest_api  | <= 3.1.0      | (not listed)
airesvsg                | acf-to-rest-api  | 0 – 3.1.0     | (not listed)

Detection & IOCs (extracted from sources)

URL:  /wp-json/acf/v3/options/a?id=active&field=plugins
URL:  /wp-json/acf/v3/options/
Path: acf-to-rest-api/class-acf-to-rest-api.php
  • Detect exploitation attempts by monitoring GET requests to the /wp-json/acf/v3/options/ endpoint, which can expose sensitive wp_options table data including credentials.
  • A successful exploit response will return HTTP 200 with Content-Type: application/json and the string 'acf-to-rest-api/class-acf-to-rest-api.php' in the body.
  • The vulnerability is an insecure direct object reference (IDOR/CWE-639) exploitable via permalink manipulation in the acf-to-rest-api WordPress plugin through version 3.1.0, requiring no authentication (CVSS PR:N).
  • The PoC probe uses specific query parameters (?id=active&field=plugins), but the vulnerability applies broadly to the /wp-json/acf/v3/options/ endpoint; other parameter combinations may also expose sensitive data.

CVSS provenance

Source | Version | Score | Severity | Vector
NVD    | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD    | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:P/I:N/A:N