Information Disclosure Vulnerability in WordPress REST API Implementation

Information Disclosure Vulnerability in WordPress REST API Implementation

CVE-2017-5487 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

Learn more about our Wordpress Pen Testing.