CVE-2017-5487 log

Severity Medium
Remote Yes
Type Access restriction bypass
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
Group Package Affected Fixed Severity Status Ticket
AVG-142 wordpress 4.7-1 4.7.1-1 High Fixed FS#52555
Date Advisory Group Package Severity Type
15 Jan 2017 ASA-201701-22 AVG-142 wordpress High multiple issues