Information Disclosure Vulnerability in WordPress REST API Implementation
CVE-2017-5487 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Learn more about our Wordpress Pen Testing.