Description
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Remediation
References
Related Vulnerabilities
PHP Use After Free Vulnerability (CVE-2017-12932)
Oracle JRE CVE-2013-1540 Vulnerability (CVE-2013-1540)
WordPress Plugin WordPress Popular Posts TimThumb Arbitrary File Upload (2.1.4)
NuSOAP Improper Certificate Validation Vulnerability (CVE-2012-6071)
WordPress Plugin Order Export & Order Import for WooCommerce Cross-Site Request Forgery (1.6.0)