Lucene search
GoogleOSV:GHSA-R345-X8HR-2R9PHistoryMay 24, 2022 - 5:21 p.m.
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
2022-05-2417:21:35
Google
osv.dev
5
wordpress
acf-to-rest-api
insecure direct object reference
idor
permalink manipulation
wp_options table
sensitive information
An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
Related
cvelist
cvelist
CVE-2020-13700
2020-06-24 14:25:30
patchstack
patchstack
wpvulndb
wpvulndb
ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
2020-06-28 00:00:00
nvd
nvd
CVE-2020-13700
2020-06-24 15:15:11
prion
prion
Cross site request forgery (csrf)
2020-06-24 15:15:00
wpexploit
wpexploit
ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
2020-06-28 00:00:00
gitlab
gitlab
Information Exposure
2020-06-24 00:00:00
nuclei
nuclei
WordPresss acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
2021-03-10 04:14:33
github
github
osv
osv
CVE-2020-13700
2020-06-24 15:15:11
openvas
openvas
WordPress ACF to REST API Plugin <= 3.1.0 IDOR Vulnerability
2021-04-13 00:00:00
cve
cve
CVE-2020-13700
2020-06-24 15:15:11