Vigil@nce - WordPress WP REST API: information disclosure
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use WordPress WP REST API, in order to obtain
sensitive information.
– Impacted products: WordPress Plugins
– Severity: 2/4
– Creation date: 10/04/2015
DESCRIPTION OF THE VULNERABILITY
The WP REST API plugin can be installed on WordPress.
However, an attacker can bypass access restrictions to revisions.
An attacker can therefore use WordPress WP REST API, in order to
obtain sensitive information.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/WordPress-WP-REST-API-information-disclosure-16573