7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-13700

GHSA ID

GHSA-r345-x8hr-2r9p

EPSS Score

0.99637%

CWE

CWE-200

Published

5/24/2022

Updated

11/15/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-13700

CVE-2020-13700: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-13700

CVE-2020-13700:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-13700

GHSA ID

GHSA-r345-x8hr-2r9p

EPSS Score

0.99637%

CWE

CWE-200

Published

5/24/2022

Updated

11/15/2023

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
airesvsg/acf-to-rest-api	composer	<= 3.1.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: 1) The options controller directly uses user-supplied 'id' parameter to access wp_options entries without authorization checks (CWE-639). 2) The field processing function allows combining URL parameters to construct arbitrary option names (like 'mailserver_pass') through $_GET['id'] and $_GET['field'] manipulation (CWE-200). The plugin's REST endpoints expose raw option access without implementing WordPress capability checks or proper object reference validation, enabling direct database table enumeration through parameter manipulation as demonstrated in the exploit examples.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-13700: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation

CVE-2020-13700:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2020-13700: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

7.5

7.5

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI