WPScan
WordPress Vulnerabilities
WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
Affects WordPress
4.7: Fixed in version 4.7.2
4.7.1: Fixed in version 4.7.2
References
CVE: CVE-2017-1001000
URL: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
URL: https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
URL: https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
URL: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
Metasploit: auxiliary/scanner/http/wordpress_content_injection
Classification
Type: BYPASS
Miscellaneous
Submitter: ethicalhack3r
Submitter twitter: ethicalhack3r
Verified: No
WPVDB ID: ca45b052-aeb6-48ea-b675-0c0edf3405c3
Timeline
Publicly Published: 2017-02-01 (about 6 years ago)
Added: 2017-02-01 (about 6 years ago)
Last Updated: 2020-09-22 (about 2 years ago)