wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
References
Configurations
Information
Published : 2017-01-14 18:59
Updated : 2017-08-31 18:29
NVD link : CVE-2017-5487
Mitre link : CVE-2017-5487
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
wordpress
- wordpress