What is CVE-2020-13700?

CVE-2020-13700 is a vulnerability in N/a. Published 2020-06-24.

Is CVE-2020-13700 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-13700

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive informa…

EPSS: 0.902 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0xget/cve-2001-1473
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
StarCrossPortal/scalpel
afine-com/research
afinepl/research
anonymous364872/Rapier_
apif-review/APIF_

References

github.com/airesvsg/acf-to-rest-api (x_refsource_MISC)
wordpress.org/plugins/acf-to-rest-api/ (x_refsource_MISC)
gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-13700?: CVE-2020-13700 is a vulnerability in N/a. Published 2020-06-24.
Is CVE-2020-13700 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.