ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure



Description
The plugin does not properly check authorisation on the wp-json/acf/v3/options/ endpoint, nor does it restrict which options may be retrieved through it. This could allow an unauthenticated attacker to retrieve arbitrary values from the wp_options table, such as the list of active plugins (the active_plugins option).
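The following is an added illustration of the flaw class described above, written for this page; it is not the plugin's own code and not the withheld PoC. The route names, the `example/v1` namespace and the allow-list of option names are hypothetical; only the WordPress core functions used are real. It shows a REST route that lets the caller name any wp_options row with no permission check, beside a hardened version that requires a capability and accepts only allow-listed option names.

```php
<?php
// Added illustration, not code from the ACF to REST API plugin.
// Route paths, namespace and the allow-list below are hypothetical.

// Vulnerable pattern: the request is public ('__return_true' is the explicit
// "no permission check" value) and the caller controls which option is read,
// so any unauthenticated request can read any row of wp_options.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/options/(?P<id>[\w\-]+)', array(
        'methods'             => 'GET',
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $request ) {
            return rest_ensure_response( get_option( $request['id'] ) );
        },
    ) );
} );

// Hypothetical allow-list of options that are safe to expose to an admin caller.
const EXAMPLE_EXPOSED_OPTIONS = array( 'blogname', 'blogdescription', 'timezone_string' );

// Hardened pattern: two independent controls.
//  1. permission_callback: the caller must be able to manage options. A
//     cookie-authenticated REST request also needs a valid X-WP-Nonce header;
//     without it WordPress treats the request as unauthenticated.
//  2. args validation: the option name is sanitised and must be on the
//     allow-list, so even an authorised caller cannot name arbitrary rows.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/safe-options/(?P<id>[\w\-]+)', array(
        'methods'             => 'GET',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'id' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_key',
                'validate_callback' => function ( $value ) {
                    return in_array( $value, EXAMPLE_EXPOSED_OPTIONS, true );
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            return rest_ensure_response( array(
                'name'  => $request['id'],
                'value' => get_option( $request['id'] ),
            ) );
        },
    ) );
} );
```

With the hardened route, an unauthenticated request receives a 401/403 from the permission callback before the handler runs, and a request for an option outside the allow-list (for example active_plugins) is rejected by validation with a 400 even when the caller is an administrator. The sanitise step uses sanitize_key, which lowercases the value and strips everything outside [a-z0-9_-], so it cannot by itself substitute for the allow-list.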
Proof of Concept

The PoC will be displayed on July 12, 2020, to give users the time to update.

Affects Plugin

ACF to REST API, fixed in version 3.3.0

References

CVE CVE-2020-13700
URL https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
URL https://github.com/airesvsg/acf-to-rest-api/issues/317

Classification

Type SENSITIVE DATA DISCLOSURE
OWASP Top 10 A3: Sensitive Data Exposure

Miscellaneous

Original Researcher mariuszpoplwski
Verified Yes
WPVDB ID 10284

Timeline

Publicly Published 2020-06-28
Added 2020-06-28
Last Updated 2020-06-29
