Security Advisory

CVE-2017-6514

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-05-22 17:20:03

Last updated 2024-08-05 15:33:20

Assigner mitre

State PUBLISHED

Description

WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.

← Browse all CVEs View on cve.org ↗