Description
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Remediation
References
Related Vulnerabilities
WordPress Plugin Mitsol Social Post Feed Cross-Site Scripting (1.10)
Oracle Database Server CVE-2007-5510 Vulnerability (CVE-2007-5510)
WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Cross-Site Request Forgery (3.4.31)
Microsoft SQL Server Other Vulnerability (CVE-2002-0056)
WordPress Plugin Kino Gallery TimThumb Arbitrary File Upload (1.0)