Rule General Information |
---|
Release Date: | 2018-01-15 | |
Rule Name: | WordPress REST API Posts Controller Privilege Escalation Vulnerability | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A privilege escalation vulnerability was found in WordPress. The vulnerability is caused by improper handling of post IDs within the REST API posts controller. | |
Impact: | An attacker who exploits the vulnerability can obtain privileges they are not entitled to, such as executing arbitrary code, deleting files, viewing sensitive information, or changing configurations. | |
Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
Reference: | https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html |
|
Solutions |
---|
Upgrade WordPress to version 4.7.2 to solve the problem. |