CVE-2017-5487 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
Group Package Affected Fixed Severity Status Ticket
AVG-142 wordpress 4.7-1 4.7.1-1 High Fixed FS#52555
Date Advisory Group Package Severity Description
15 Jan 2017 ASA-201701-22 AVG-142 wordpress High multiple issues
References
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60