CVE-2017-6514
Severity: Unknown | EPSS 3.01%
CVE-2017-6514 is a vulnerability of currently unknown severity. WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring. EPSS estimates a 3.01% chance of exploitation in the next 30 days.
Description
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | 4.7.2 |
References
- https://github.com/CFSECURITE/wordpress (Broken Link)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2017-6514?
WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.
How severe is CVE-2017-6514?
Severity scoring for CVE-2017-6514 is pending analysis. The EPSS model estimates a 3.01% probability of exploitation in the next 30 days.
How do I fix CVE-2017-6514?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.
Source: NVD / NIST
