WordPress Privilege Escalation Vulnerability (CVE-2017-1001000) Scanner

Details
Asset Type: DOMAIN,IP
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 15

WordPress Privilege Escalation Vulnerability (CVE-2017-1001000) Scanner Detail

Attempts to detect a privilege escalation vulnerability in WordPress 4.7.0 and 4.7.1 that allows unauthenticated users to inject content into posts.

The script connects to the WordPress REST API to obtain the list of published posts and takes the user id and date from the response. It then attempts to update the date field of a post with the same date value it just obtained. If the request doesn't return an error, the server is marked as vulnerable.
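The check described above leaves a recognizable trace on the server: a client reads the post list and then sends a write request to a single post. The following is an added example, not the scanner's own code, that finds that sequence in a web access log; it assumes combined log format and the standard WordPress route `/wp-json/wp/v2/posts`, and the log lines and function names are constructed for illustration.

```python
import re

# Constructed sample access log (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Feb/2017:10:00:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "probe"
203.0.113.10 - - [01/Feb/2017:10:00:02 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 200 830 "-" "probe"
198.51.100.7 - - [01/Feb/2017:10:05:00 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 5120 "-" "reader"
192.0.2.44 - - [01/Feb/2017:10:06:00 +0000] "POST /wp-json/wp/v2/posts/12 HTTP/1.1" 401 120 "-" "client"
198.51.100.7 - - [01/Feb/2017:10:07:00 +0000] "POST /wp-json/wp/v2/posts/3 HTTP/1.1" 401 120 "-" "reader"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LIST_RE = re.compile(r"^/wp-json/wp/v2/posts/?(?:\?|$)")          # post list
ITEM_RE = re.compile(r"^/wp-json/wp/v2/posts/(?P<post_id>\d+)")   # single post
WRITE_METHODS = {"POST", "PUT", "PATCH"}


def find_list_then_write(log_text):
    """Flag clients that list posts over the REST API and then send a
    write request to a single post, recording whether it was accepted."""
    listed = set()   # client IPs that already fetched the post list
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if method == "GET" and LIST_RE.match(path):
            listed.add(ip)
            continue
        item = ITEM_RE.match(path)
        if method in WRITE_METHODS and item and ip in listed:
            findings.append({
                "ip": ip,
                "post_id": item["post_id"],
                "status": status,
                "accepted": 200 <= status < 300,  # the write went through
            })
    return findings


if __name__ == "__main__":
    for finding in find_list_then_write(SAMPLE_LOG):
        print(finding)
```

An access log does not show whether a request was authenticated, so an `accepted` finding still has to be correlated with login sessions and the post's revision history before it is treated as content injection.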

References:

https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html

Some Advice for Common Problems

To get the fix, upgrade to WordPress 4.7.2 or a later version.
