This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login. Read the full analysis β
Q1What is this vulnerability? (Essence + Consequences)
π¨ **Essence**: IDOR flaw in `acf-to-rest-api` plugin. π **Consequences**: Attackers can read sensitive data from the `wp_options` table (e.g., login credentials).
Q2Root Cause? (CWE/Flaw)
π‘οΈ **Root Cause**: Insecure Direct Object Reference (IDOR). π§ **Flaw**: Manipulating permalinks allows unauthorized access to REST API endpoints without proper validation.
Q3Who is affected? (Versions/Components)
π― **Affected**: WordPress sites using `acf-to-rest-api`. π¦ **Version**: Version 3.1.0 and earlier. β οΈ **Note**: Plugin by `airesvsg`.
Q4What can hackers do? (Privileges/Data)
π **Hackers Can**: Extract sensitive info from `wp_options`. π **Data Exposed**: Login names and password hashes. π΅οΈ **Impact**: Potential account takeover.
Q5Is exploitation threshold high? (Auth/Config)
π **Threshold**: LOW. π« **Auth**: No authentication required. βοΈ **Config**: Relies on permalink manipulation via public REST API (`wp-json/acf/v3/options/`).
Q6Is there a public Exp? (PoC/Wild Exploitation)
π₯ **Public Exp?**: YES. π **PoC**: Available via Nuclei templates & GitHub Gists. π **Wild Exploitation**: High risk due to simple HTTP request structure.
Q7How to self-check? (Features/Scanning)
π **Self-Check**: Scan for `wp-json/acf/v3/options/` endpoint. π‘ **Tool**: Use Nuclei or manual HTTP requests to test for IDOR responses containing sensitive data.
Q8Is it fixed officially? (Patch/Mitigation)
π οΈ **Fixed?**: YES. π₯ **Patch**: Upgrade `acf-to-rest-api` to version > 3.1.0. π **Action**: Check WordPress plugin dashboard for updates immediately.
Q9What if no patch? (Workaround)
π§ **No Patch?**: Disable the plugin if not essential. π **Mitigation**: Restrict access to `wp-json/acf/` endpoints via WAF or `.htaccess`. 𧱠**Block**: Prevent direct object reference attempts.
Q10Is it urgent? (Priority Suggestion)
π¨ **Urgency**: HIGH. π₯ **Priority**: Critical. β³ **Reason**: Unauthenticated data leak of credentials. π **Action**: Patch or disable immediately to prevent credential theft.