7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13700

GHSA ID

GHSA-r345-x8hr-2r9p

EPSS Score

0.99637%

CWE

CWE-200

Published

5/24/2022

Updated

11/15/2023

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-13700

CVE-2020-13700: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-13700

GHSA ID

GHSA-r345-x8hr-2r9p

EPSS Score

0.99637%

CWE

CWE-200

Published

5/24/2022

Updated

11/15/2023

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
airesvsg/acf-to-rest-api	composer	<= 3.1.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from two key issues: 1) The options controller directly uses user-supplied 'id' parameter to access wp_options entries without authorization checks (CWE-639). 2) The field processing function allows combining URL parameters to construct arbitrary option names (like 'mailserver_pass') through $_GET['id'] and $_GET['field'] manipulation (CWE-200). The plugin's REST endpoints expose raw option access without implementing WordPress capability checks or proper object reference validation, enabling direct database table enumeration through parameter manipulation as demonstrated in the exploit examples.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in t** ***-to-r*st-*pi plu*in t*rou** *.*.* *or Wor*Pr*ss. It *llows *n ins**ur* *ir**t o*j**t r***r*n** vi* p*rm*links m*nipul*tion, *s **monstr*t** *y * `wp-json/***/v*/options/` r*qu*st t**t r***s s*nsitiv* in*orm*tion in t

Reasoning

T** vuln*r**ility st*ms *rom two k*y issu*s: *) T** options *ontroll*r *ir**tly us*s us*r-suppli** 'i*' p*r*m*t*r to ****ss wp_options *ntri*s wit*out *ut*oriz*tion ****ks (*W*-***). *) T** *i*l* pro**ssin* *un*tion *llows *om*inin* URL p*r*m*t*rs to

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-13700: acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI