CVE-2017-5487 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Access restriction bypass |
Description | A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-142 | wordpress | 4.7-1 | 4.7.1-1 | High | Fixed | FS#52555 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
15 Jan 2017 | ASA-201701-22 | AVG-142 | wordpress | High | multiple issues |
References |
---|
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60 |