| Vulnerability Name: | CVE-2017-1001000 (CCN-121433) | ||||||||||||||||||||
| Assigned: | 2017-02-01 | ||||||||||||||||||||
| Published: | 2017-02-01 | ||||||||||||||||||||
| Updated: | 2019-10-03 | ||||||||||||||||||||
| Summary: | The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-1001000 Source: CCN Type: oss-sec Mailing List, Fri, 10 Feb 2017 16:14:41 -0600 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1) Source: MLIST Type: Mailing List, Patch, Third Party Advisory [oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1) Source: SECTRACK Type: UNKNOWN 1037731 Source: CCN Type: Sucuri Blog, February 1, 2017 Content Injection Vulnerability in WordPress Source: MISC Type: Technical Description, Third Party Advisory https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html Source: CCN Type: Akamai Blog, February 1, 2017 11:37 AM WordPress Web API Vulnerability Source: MISC Type: Exploit, Third Party Advisory https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html Source: CONFIRM Type: Patch, Vendor Advisory https://codex.wordpress.org/Version_4.7.2 Source: XF Type: UNKNOWN wordpress-restapi-privilege-esc(121433) Source: MISC Type: Issue Tracking, Patch, Third Party Advisory https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab Source: CONFIRM Type: Issue Tracking, Patch, Third Party Advisory https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7 Source: CONFIRM Type: Patch, Vendor Advisory https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ Source: CCN Type: Packet Storm Security [02-02-2017] WordPress 4.7.0 / 4.7.1 REST API Privilege Escalation Source: CCN Type: Packet Storm Security [02-02-2017] WordPress 4.7.0 / 4.7.1 Content Injection Proof Of Concept Source: CCN Type: Packet Storm Security [02-02-2017] WordPress 4.7.0 / 4.7.1 Content Injection / Code Execution Source: CCN Type: WordPress Web site WordPress 4.7.2 Security Release Source: CONFIRM Type: Patch, Release Notes, Vendor Advisory https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/ | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||