acf-to-rest-api wordpress plugin IDOR CVE-2020-13700 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

acf-to-rest-api wordpress plugin IDOR CVE-2020-13700 Scanner Detail

acf-to-rest-api wordpress plugin allows insecure direct object reference - IDOR vulnerability.

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

Some Advice for Common Problems

You should update to latest version.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service