Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve46fe6300-5254-4a98-9594-a9567bec8179CVE-2017-1001000
HistoryApr 03, 2017 - 1:59 a.m.

CVE-2017-1001000

2017-04-0301:59:00
46fe6300-5254-4a98-9594-a9567bec8179
web.nvd.nist.gov
128
4
cve
security
wordpress
rest api
vulnerability
remote attack
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.3 High

AI Score

Confidence

High

0.456 Medium

EPSS

Percentile

97.4%

JSON

The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.

Affected configurations

NVD
Node
wordpresswordpressMatch4.7
OR
wordpresswordpressMatch4.7.1
OR
wordpresswordpressMatch4.7.2

Social References

More

Related

nvd 1
wpvulndb 1
osv 1
prion 1
nessus 13
debiancve 1
cvelist 1
ubuntucve 1
wallarmlab 1
nmap 1
openvas 2
sonarsource 1
nvd
nvd
CVE-2017-1001000
2017-04-03 01:59:00
wpvulndb
wpvulndb
WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
2017-02-01 00:00:00
osv
osv
CVE-2017-1001000
2017-04-03 01:59:00
prion
prion
Integer overflow
2017-04-03 01:59:00
nessus
nessus
WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation
2017-02-16 00:00:00
WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities
2018-11-05 00:00:00
WordPress 4.4.x < 4.4.7 Multiple Vulnerabilities
2018-11-05 00:00:00
debiancve
debiancve
CVE-2017-1001000
2017-04-03 01:59:00
cvelist
cvelist
CVE-2017-1001000
2017-04-03 01:00:00
ubuntucve
ubuntucve
CVE-2017-1001000
2017-04-03 00:00:00
wallarmlab
wallarmlab
FAST or Burp or both?
2018-11-28 18:27:09
nmap
nmap
http-vuln-cve2017-1001000 NSE Script
2017-06-01 19:08:23
openvas
openvas
WordPress < 4.7.2 Multiple Security Vulnerabilities - Linux
2017-02-02 00:00:00
WordPress < 4.7.2 Multiple Security Vulnerabilities - Windows
2017-02-02 00:00:00
sonarsource
sonarsource
Cachet 2.4: Code Execution via Laravel Configuration Injection
2021-09-21 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.3 High

AI Score

Confidence

High

0.456 Medium

EPSS

Percentile

97.4%

JSON
Related for CVE-2017-1001000
nvd1wpvulndb1osv1prion1nessus13debiancve1cvelist1ubuntucve1wallarmlab1nmap1openvas2sonarsource1