PT-2019-8589 · WordPress
Published: 2019-05-22 · Updated: 2019-05-27
CVE-2017-6514
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WordPress version 4.7.2
Description
The issue allows remote attackers to obtain sensitive information via a "/wp-json/oembed/1.0/embed?url=" request. This is related to the handling of post authors and the "author name" substring.
Recommendations
For WordPress version 4.7.2, consider restricting access to the /wp-json/oembed/1.0/embed endpoint until a fix is available. As a temporary workaround, avoid using the "author name" substring in requests to this endpoint.
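To see whether the endpoint is being queried, and whether a restriction is actually taking effect, the following added example (not part of the original advisory) scans web-server access logs for requests to the oEmbed embed route. It also matches the `rest_route` query form that WordPress accepts for the same REST route, which a path-only restriction would miss. Assumptions: combined log format, constructed sample log lines, and hypothetical function names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs, unquote

# Route named in the advisory, without the /wp-json prefix.
OEMBED_ROUTE = "/oembed/1.0/embed"

# Combined log format (assumed layout): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_oembed_request(target):
    """True if the request target resolves to the oEmbed embed route."""
    parts = urlsplit(target)
    path = re.sub(r"/{2,}", "/", unquote(parts.path)).rstrip("/").lower()
    if path.endswith("/wp-json" + OEMBED_ROUTE):
        return True
    # WordPress also serves REST routes through the rest_route query variable.
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/").lower() == OEMBED_ROUTE for r in routes)

def summarize(lines):
    """Count served (2xx) and refused oEmbed requests per client address."""
    served, refused = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_oembed_request(m.group("target")):
            continue
        bucket = served if m.group("status").startswith("2") else refused
        bucket[m.group("ip")] += 1
    return served, refused

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [22/May/2019:10:00:01 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fblog.example%2F%3Fp%3D1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [22/May/2019:10:00:02 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fblog.example%2F%3Fp%3D2 HTTP/1.1" 200 498 "-" "-"',
    '198.51.100.4 - - [22/May/2019:10:05:00 +0000] "GET /?rest_route=/oembed/1.0/embed&url=https%3A%2F%2Fblog.example%2F%3Fp%3D1 HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.9 - - [22/May/2019:10:06:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "-"',
]

if __name__ == "__main__":
    served, refused = summarize(SAMPLE)
    print("served:", dict(served))
    print("refused:", dict(refused))
```

Any entry under "served" after the restriction is in place means the rule does not cover that form of the request.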
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Wordpress