WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint

Description

The REST Terms/Tags Endpoint does not have proper authorisation in place, which could allow unauthorised users to access sensitive information

Affects WordPress

6.0.2
Fixed in version 6.0.3
6.0.1
Fixed in version 6.0.3
6.0
Fixed in version 6.0.3
5.9.4
Fixed in version 5.9.5
5.9.3
Fixed in version 5.9.5
5.9.2
Fixed in version 5.9.5
5.9.1
Fixed in version 5.9.5
5.9
Fixed in version 5.9.5
5.8.5
Fixed in version 5.8.6
5.8.4
Fixed in version 5.8.6

References

URL
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
URL
https://github.com/WordPress/wordpress-develop/commit/ebaac57a9ac0174485c65de3d32ea56de2330d8e

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-863

Miscellaneous

Original Researcher

Than Taintor

Verified

Yes

WPVDB ID
b27a8711-a0c0-4996-bd6a-01734702913e

Timeline

Publicly Published

2022-10-17 (about 3 months ago)

Added

2022-10-19 (about 3 months ago)

Last Updated

2022-10-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin