WordPress Plugin Vulnerabilities
ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure
Description
The plugin does not properly check for authorisation, allowing options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow an unauthenticated attacker to retrieve arbitrary values from the wp_options table, such as the list of active plugins.
Proof of Concept
List all active plugins of the blog:

GET /wp-json/acf/v3/options/a?id=active&field=plugins
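The root cause described above is a REST route that serves wp_options rows without an authorisation check. The following is an added example, not the ACF to REST API plugin's own code, showing a hypothetical route (namespace `example/v1`, option parameter `name`) registered first without a `permission_callback` and then with a capability check plus an allow-list of option names; `register_rest_route`, `current_user_can` and `get_option` are standard WordPress APIs, everything else is assumed.

```php
<?php
// Added example (not the plugin's code): authorising a WordPress REST route
// that exposes values from wp_options. Assumes a hypothetical plugin with
// namespace 'example/v1' and an option name passed as the 'name' URL segment.

// Weak registration: no 'permission_callback', so any visitor can read the
// option. Since WordPress 5.5 this logs a _doing_it_wrong notice, but the
// route still answers anonymous requests.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/options-weak/(?P<name>[a-z0-9_]+)', array(
        'methods'  => 'GET',
        'callback' => function ( WP_REST_Request $request ) {
            return rest_ensure_response( get_option( $request['name'] ) );
        },
        // 'permission_callback' is missing here.
    ) );
} );

// Hardened registration: the route refuses unauthenticated callers, requires
// the manage_options capability, and only serves an explicit allow-list of
// option names instead of arbitrary wp_options rows.
function example_allowed_option_names() {
    // Assumed allow-list; a real plugin would list only the options it owns.
    return array( 'example_plugin_version', 'example_plugin_mode' );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/options/(?P<name>[a-z0-9_]+)', array(
        'methods'             => 'GET',
        'permission_callback' => function ( WP_REST_Request $request ) {
            // Authentication + authorisation: the WordPress REST API resolves
            // the user from a nonce, application password or cookie before
            // this callback runs, so current_user_can() reflects that user.
            if ( ! current_user_can( 'manage_options' ) ) {
                return new WP_Error(
                    'rest_forbidden',
                    'You are not allowed to read plugin options.',
                    array( 'status' => rest_authorization_required_code() )
                );
            }
            return true;
        },
        'args'                => array(
            'name' => array(
                'validate_callback' => function ( $value ) {
                    // Reject any option name outside the allow-list, even
                    // for an administrator, so the route cannot be used as a
                    // generic wp_options reader.
                    return in_array( $value, example_allowed_option_names(), true );
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            return rest_ensure_response( array(
                'name'  => $request['name'],
                'value' => get_option( $request['name'] ),
            ) );
        },
    ) );
} );
```

The two controls are independent: the `permission_callback` closes the unauthenticated access path this advisory describes, and the `validate_callback` allow-list closes the "arbitrary option" path, so that a compromised or over-privileged account still cannot enumerate rows such as `active_plugins` through this endpoint. Defenders can also watch web-server logs for requests to `/wp-json/acf/v3/options/` from unauthenticated clients while the plugin is below 3.3.0.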
Classification
Type
SENSITIVE DATA DISCLOSURE
Miscellaneous
Original Researcher
mariuszpoplwski
Verified
Yes
Timeline
Publicly Published
2020-06-28
Added
2020-06-28
Last Updated
2020-06-29