Main Vulnerability Database Exploits ID:9040 - Exploit for Information disclosure in WordPress - CVE-2017-5487

ID:9040 - Exploit for Information disclosure in WordPress - CVE-2017-5487

Published: May 7, 2023

Vulnerability identifier: #VU4856

Vulnerability risk: Low

CVE-ID: CVE-2017-5487

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
WordPress

Link to public exploit:

https://github.com/K3ysTr0K3R/CVE-2017-5487-EXPLOIT

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrectly implemented restrictions within REST API ("wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php") when accessing listings of post authors via HTTP request to "wp-json/wp/v2/users" URL. A remote attacker can send a specially crafted HTTP request to vulnerable URL and obtain potentially sensitive data.

Successful exploitation of the vulnerability may allow an attacker to gain access to otherwise restricted sensitive information.

Remediation

Update to version 4.7.1.

ID:9040 - Exploit for Information disclosure in WordPress - CVE-2017-5487

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human