User Information Disclosure via REST API

Disclosed: 2017-04-19 14:08:17 By 4websecurity To owncloud
Low
Vulnerability Details
Hello,

The REST API allows anonymous access to functionality that allows a hacker to list all users who have published a post on a WordPress site. Unfortunately, this generally includes the admin account.

POC:
https://owncloud.com/wp-json/wp/v2/users/
https://owncloud.com/wp-json/wp/v2/users/1/

Kind Regards,
Alex.
Report Stats
  • Report ID: 197786
  • State: Closed
  • Substate: resolved
  • Upvotes: 8
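
One way a site owner can close the anonymous access described in the report, shown as an added example (not code from the report or from ownCloud). It assumes a WordPress site using the core REST API; the function name and error code are hypothetical.

```php
<?php
/**
 * Plugin Name: Restrict REST user listing (added example)
 *
 * Constructed example: place in wp-content/mu-plugins/ so it is always loaded.
 * Anonymous requests to the core users routes get an error instead of the
 * user list; every other REST route is left untouched.
 */

add_filter( 'rest_pre_dispatch', 'example_block_anonymous_user_routes', 10, 3 );

/**
 * @param mixed           $result  Null unless an earlier filter already answered.
 * @param WP_REST_Server  $server  REST server instance (unused).
 * @param WP_REST_Request $request Incoming request.
 * @return mixed Unchanged $result, or WP_Error for anonymous user-route requests.
 */
function example_block_anonymous_user_routes( $result, $server, $request ) {
    // Another filter already short-circuited this request; do not override it.
    if ( null !== $result ) {
        return $result;
    }

    // Covers /wp/v2/users and /wp/v2/users/<id>, the two routes in the report.
    // Core matches routes case-insensitively, so this check does too.
    if ( ! preg_match( '#^/wp/v2/users(/|$)#i', $request->get_route() ) ) {
        return $result;
    }

    // Logged-in users keep access, so authenticated use of the endpoint
    // (for example from the admin UI) continues to work.
    if ( is_user_logged_in() ) {
        return $result;
    }

    // rest_authorization_required_code() yields 401 for anonymous callers.
    return new WP_Error(
        'rest_user_listing_restricted',
        'Authentication is required to list users.',
        array( 'status' => rest_authorization_required_code() )
    );
}
```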