VYPR

REST API

by WordPress

CVEs (1)

  • CVE-2017-1001000HigApr 3, 2017
    risk 0.51cvss 7.5epss 0.82

    The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts…