The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before…
joshbressers·NVD-CWE-noinfo·Published 2017-04-03
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
La función register_routes en wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php en la API REST en WordPress 4.7.x en versiones anteriores a 4.7.2 no requiere un identificador de número entero, lo que permite a atacantes remotos modificar páginas arbitrarias a través de una solicitud para wp-json/wp/v2/posts seguida por un valor numérico y un valor no numérico, según lo demostrado mediante la URI wp-json/wp/v2/posts/123?id=123helloworld.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| 3.0 | Primary | NVD | 7.5 | 3.9 | 3.6 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |