|
|
|||
| Rule General Information |
|---|
| Release Date: | 2018-01-15 | |
| Rule Name: | WordPress REST API Posts Controller Privilege Escalation Vulnerabiliy | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A privilege escalation vulnerability was found in WordPress. The vulnerability is caused by improper handling of post id's within the REST API posts controller. | |
| Impact: | An attacker can abtain more privileges which he is not entitled to by exloiting the vulnerability, such as executing arbitrary code, deleting files, viewing sensitive information, changing configurations. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/ https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html |
|
| Solutions |
|---|
| Upgrade to version 4.7.2 to solve the problem. |