CVE-2017-1001000 Scanner
Detects the 'Privilege Escalation' vulnerability in WordPress that affects versions 4.7.x before 4.7.2.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4
Toolbox: -
WordPress is one of the most popular content management systems used by individuals and businesses across the globe. It is an open-source software that allows users to easily create and manage websites, blogs, and online stores. With its user-friendly interface and thousands of themes and plugins available, it has become an essential tool for those who want to establish an online presence.
However, like any software, WordPress has had vulnerabilities. One of them, CVE-2017-1001000, affects WordPress 4.7.x before version 4.7.2. The flaw lies in the REST API, specifically in the register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php. It allowed attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value.
When exploited, this vulnerability allowed remote attackers to modify arbitrary pages on WordPress sites, potentially leading to website hijacking, data theft, and other malicious activities. The attacker could easily alter the content of a website, distribute malware, or launch phishing attacks. This could result in severe reputational damage, financial loss, and legal consequences for website owners.
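For defenders who want to check exposure and spot abuse in their own access logs, here is an added example (not part of the s4e.io page or of its scanner). It does two things the description above implies: it classifies a WordPress version string as affected (4.7.x before 4.7.2), and it flags web-server log entries whose request path hits wp-json/wp/v2/posts with a numeric value immediately followed by a non-numeric value. The log lines and the matching regex are constructed from the page's description of the request shape and are assumptions, not captured traffic or the project's own detection logic.

```python
import re
from typing import List, Tuple

# Assumed pattern, derived from the page's description: the posts endpoint
# followed by digits and then at least one non-numeric character in the same
# path segment. A plain "/posts/123" does not match; "/posts/123abc" does.
SUSPICIOUS_PATH = re.compile(r"/wp-json/wp/v2/posts/\d+[^\d/?\s]+", re.IGNORECASE)

# Minimal parser for combined-format access log lines (ip, timestamp,
# method, path, status); fields we do not need are skipped.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Feb/2017:10:00:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 512
203.0.113.5 - - [01/Feb/2017:10:00:02 +0000] "GET /wp-json/wp/v2/posts/123 HTTP/1.1" 200 812
198.51.100.9 - - [01/Feb/2017:10:00:03 +0000] "POST /wp-json/wp/v2/posts/123abc HTTP/1.1" 200 300
198.51.100.9 - - [01/Feb/2017:10:00:04 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 1200
"""


def is_affected_version(version: str) -> bool:
    """Return True for WordPress 4.7.x releases before 4.7.2 (4.7, 4.7.0, 4.7.1).

    Non-numeric version strings are treated as not affected so that a
    malformed banner never produces a false "vulnerable" verdict.
    """
    try:
        nums = [int(p) for p in version.strip().split(".")]
    except ValueError:
        return False
    while len(nums) < 3:          # "4.7" is the same release as "4.7.0"
        nums.append(0)
    major, minor, patch = nums[:3]
    return major == 4 and minor == 7 and patch < 2


def flag_suspicious_requests(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, method, path) for every log line whose path matches the
    numeric-then-non-numeric posts route shape; unparsable lines are skipped."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        if SUSPICIOUS_PATH.search(m.group("path")):
            hits.append((m.group("ip"), m.group("method"), m.group("path")))
    return hits


if __name__ == "__main__":
    for v in ("4.7", "4.7.1", "4.7.2", "4.8"):
        print(f"WordPress {v}: {'affected' if is_affected_version(v) else 'not affected'}")
    for ip, method, path in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious request from {ip}: {method} {path}")
```

The version check on its own only tells you whether a site falls inside the affected range; the log scan is the complementary view, looking backwards at whether anyone already sent the request shape the advisory describes. Pair the second function with a check that the site was in fact running an affected version at the time, since the same path shape on a patched site is noise rather than a successful modification.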
At s4e.io, we understand the importance of website security and offer advanced features that help protect your digital assets. Our platform provides real-time monitoring, vulnerability scanning, and malware detection to help you stay ahead of cyber threats. With our pro features, you can quickly learn about vulnerabilities in your digital assets and take action to protect against attacks before they happen. Don't wait until it's too late: protect your website today with s4e.io.
REFERENCES
- https://codex.wordpress.org/Version_4.7.2
- https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
- https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
- https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
- https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
- https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
- https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- openwall.com: [oss-security] 20170210 Re: Asking for a CVE id for the WordPress Privilege Escalation vulnerability (4.7/4.7.1)
- securitytracker.com: 1037731