Detections
Analytics
WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation
high Web App Scanning Plugin ID 98217
Language:
Synopsis
WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege EscalationDescription
The WordPress application running on the remote web server is version 4.7.x prior to 4.7.2. It is, therefore, affected by a privilege escalation vulnerability in the REST API due to a failure to properly sanitize user- supplied input to the 'id' parameter when editing or deleting blog posts. An unauthenticated, remote attacker can exploit this issue to run arbitrary PHP code, inject content into blog posts, modify blog post attributes, or delete blog posts.The WordPress REST API is enabled by default as of version 4.7.0. This vulnerability was silently patched in WordPress version 4.7.2.
Note that WordPress is reportedly affected by additional vulnerabilities; however, the scanner has not tested for these.
Solution
Upgrade to WordPress version 4.7.2 or later.See Also
Plugin Details
Severity: High
ID: 98217
Type: remote
Family: Component Vulnerability
Published: 5/23/2018
Updated: 9/7/2021
Scan Template: api, basic, full, pci, scan
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2017-1001000
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS Score Source: CVE-2017-1001000
Vulnerability Information
Exploit Ease: No known exploits are available
Patch Publication Date: 3/28/2018
Vulnerability Publication Date: 3/29/2018
Reference Information
CVE: CVE-2017-1001000
CWE: 264
OWASP: 2010-A8, 2013-A7, 2013-A9, 2017-A5, 2017-A9, 2021-A1, 2021-A6
WASC: Insufficient Authorization
DISA STIG: APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1
PCI-DSS: 3.2-6.2