CVE-2020-13700

Sažetak

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

Reference

https://wordpress.org/plugins/acf-to-rest-api/#developers
https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
https://github.com/airesvsg/acf-to-rest-api

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

21-07-2021 - 11:39

Objavljeno

24-06-2020 - 15:15