WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WordPress 4.7 - User Information Disclosure via REST API

Affects WordPress

4.7
Fixed in version 4.7.1

References

CVE
CVE-2017-5487
URL
https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
URL
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
URL
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/

Classification

Type

BYPASS

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter
ethicalhack3r
Verified

No

WPVDB ID
ec8c295f-0ab4-4ab9-9a3a-38e9d64e12d3

Timeline

Publicly Published

2017-01-11 (about 6 years ago)

Added

2017-01-12 (about 6 years ago)

Last Updated

2020-09-22 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin