Wordpress < 4.7.1 - Username Enumeration (CVE-2017-5487)

Author: p0wd3r know Chong Yu 404 security lab Date: 2017-03-05 0x00 vulnerability overview Vulnerability description Recently exploit-db is published on a Wordpress 4.7.1 username enumeration vulnerabilities: , in fact, the vulnerability to 1-month 14, has been posted on the Internet, and given t...

CVE-2017-5487

creationtimestamp| type| source ---|---|--- 2017-03-03 12:32:58+00:00| exploited| https://t.me/canyoupwnme/875 2022-10-26 15:01:51+00:00| seen| Telegram/cKWDCSIwcxFOknnqsRpkHzc8hBMfo5nCVaTeFVkbll3uQ 2023-06-12 23:21:25+00:00| seen| https://t.me/TYGYE/828 2023-06-30 12:16:59+00:00| seen|...

WordPress < 4.7.1 Multiple Vulnerabilities

Binary data 9894.prm...

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVE-2017-5487

wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request...

CVE-2017-5487

CVE-2017-5487 affects WordPress 4.7.x prior to 4.7.1. The REST API endpoint wp-json/wp/v2/users does not properly restrict author listings, allowing unauthenticated remote access to usernames and related information. Root cause: insufficient access control on author listings in the REST API. Impa...

[ASA-201701-22] wordpress: multiple issues

Arch Linux Security Advisory ASA-201701-22 ========================================== Severity: High Date : 2017-01-15 CVE-ID : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488 CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492 CVE-2017-5493 Package : wordpress Type : multiple issue...