CVE-2017-5487 — AI Deep Analysis Summary

🚨 **Essence**: A critical flaw in WordPress REST API (`class-wp-rest-users-controller.php`). 💥 **Consequences**: Remote attackers can extract sensitive user information via simple HTTP requests to `/wp-json/wp/v2/users`.

🛡️ **Root Cause**: Improper access control in the REST API implementation. 🔍 **Flaw**: The endpoint exposes user data without sufficient authentication checks, allowing unauthorized enumeration.

📦 **Affected**: WordPress installations running versions **< 4.7.1**. 📅 **Date**: Published Jan 15, 2017. 🔧 **Component**: `wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php`.

🕵️ **Hackers Can**: Enumerate valid usernames. 📊 **Data Leaked**: User lists and potentially associated metadata. 🔓 **Privileges**: No admin access needed; remote, unauthenticated exploitation.

⚡ **Threshold**: **LOW**. 🔑 **Auth**: None required. ⚙️ **Config**: Default REST API settings are sufficient for exploitation. Easy to trigger.

🔥 **Public Exp?**: **YES**. 🛠️ **Tools**: Multiple PoCs exist (e.g., `wpUsersScan`, `krpexploit.py`). 🌐 **Wild Exp**: Active exploitation tools are available on GitHub and Exploit-DB.

🔍 **Self-Check**: Send a GET request to `http://<target>/wp-json/wp/v2/users`. 👀 **Indicator**: If the response returns a JSON array of users, the site is vulnerable. 📡 **Scan**: Use automated scanners like `wpUsersScan.…

🩹 **Fixed**: Yes. 📦 **Patch**: Upgrade WordPress to version **4.7.1** or later. ✅ **Status**: The vulnerability was addressed in this release.

🚧 **No Patch?**: Disable or restrict the REST API. 🛑 **Workaround**: Use plugins to block `/wp-json/wp/v2/users` access or remove user enumeration capabilities via code snippets. 🔒 **Limit**: Restrict API endpoints to au…

🚨 **Urgency**: **HIGH**. ⚠️ **Priority**: Immediate patching required. 📉 **Risk**: User enumeration aids further attacks (brute force, social engineering). Do not ignore!