[wp-trac] [WordPress Trac] #60022: Security tool reporting CORS vulnerability on wp-json
WordPress Trac
noreply at wordpress.org
Wed Dec 6 18:33:36 UTC 2023
#60022: Security tool reporting CORS vulnerability on wp-json
--------------------------+-----------------------------
Reporter: sitebolts | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hi there, we had a client report that they ran a security tool and
received a CORS vulnerability warning on their wp-json endpoint.
They've unfortunately forgotten what tool they ran, but a quick Google
search shows that other people have received similar messages.
A few threads I've found say that it's no big deal since wp-json is
intentionally a public endpoint, but some replies are talking about how to
fix it, so there seems to be mixed information floating around.
Can we get a canonical answer on the matter? Is the default configuration
for wp-json okay or does it leave the site open to a CORS exploit?
------------------
**Report details:**
Vulnerability: CORS Misconfiguration
Vulnerable URL: https://example.com/wp-json
Weakness: Security Misconfiguration
Vulnerability Description
• A cross-origin resource-sharing misconfiguration occurs when the web
server allows third-party domains to perform privileged tasks through the
browsers of legitimate users.
IMPACT
• CORS misconfigurations can give attackers access to internal sites
behind the firewall using cross-communication types of attacks
MITIGATION
• Proper configuration of cross-origin requests
• Only allow trusted sites
• Avoid whitelisting null
• Avoid wildcards in internal networks
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60022>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
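As an added example (not part of the ticket, of WordPress core, or of the scanner's report), the Python below turns the report's four mitigation bullets into checks that run over HTTP response headers, so a site owner can see for themselves what a scanner is reacting to instead of guessing at the tool. It is run here over constructed sample responses, not real captures of any site; the trusted-origin list and every header set are assumptions. What decides whether a reflected origin on an endpoint actually matters is whether the response carries anything that the browser's cookie alone authorizes, so the severity here rises only when `Access-Control-Allow-Credentials: true` accompanies an untrusted or reflected origin.

```python
"""Apply the scanner report's CORS mitigation bullets to response headers.

Added example: the sample responses below are constructed for illustration
and are not captures from any real site.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class CorsFinding:
    check: str      # which mitigation bullet the response fails
    severity: str   # "info", "low" or "high"
    detail: str


@dataclass
class CorsAssessment:
    findings: list[CorsFinding] = field(default_factory=list)

    @property
    def worst(self) -> str:
        order = {"none": 0, "info": 1, "low": 2, "high": 3}
        return max((f.severity for f in self.findings), key=order.get, default="none")


def _header(headers: dict[str, str], name: str) -> str | None:
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get(name.lower())
    return value.strip() if value is not None else None


def assess_cors(request_origin: str, headers: dict[str, str],
                trusted_origins: set[str]) -> CorsAssessment:
    """Evaluate one response against the report's mitigation bullets.

    request_origin:  the Origin header the client sent (a scanner usually sends
                     a value it controls, or the literal string "null").
    headers:         the response headers as returned by the server.
    trusted_origins: the origins the site owner actually intends to allow
                     (an assumption of this example, not a WordPress setting).
    """
    result = CorsAssessment()
    acao = _header(headers, "Access-Control-Allow-Origin")
    creds = (_header(headers, "Access-Control-Allow-Credentials") or "").lower() == "true"

    if acao is None:
        # No CORS header at all: the browser withholds the body from
        # cross-origin scripts, which is the safe default.
        return result

    if acao == "null":
        # "Avoid whitelisting null": sandboxed iframes and file: pages send
        # Origin: null, and any site can create one.
        result.findings.append(CorsFinding(
            "avoid-whitelisting-null", "high" if creds else "low",
            "'null' origin allowed; any page can produce a null origin"))
    elif acao == "*":
        # "Avoid wildcards": browsers ignore "*" for credentialed requests, so
        # only unauthenticated content is readable, but every origin can read it.
        result.findings.append(CorsFinding(
            "avoid-wildcards", "low",
            "wildcard origin; any site can read the unauthenticated response"))
    elif acao not in trusted_origins:
        # "Only allow trusted sites": an origin outside the allow list is
        # either reflected from the request or statically misconfigured.
        if acao == request_origin:
            detail = "request Origin reflected verbatim"
        else:
            detail = f"unexpected origin {acao!r} allowed"
        result.findings.append(CorsFinding(
            "only-allow-trusted-sites", "high" if creds else "low",
            detail + (" with credentials" if creds else "")))

    # "Proper configuration": a per-origin ACAO that is cached without
    # Vary: Origin can be served to a different origin by an intermediary.
    vary = (_header(headers, "Vary") or "").lower()
    if acao != "*" and "origin" not in [v.strip() for v in vary.split(",")]:
        result.findings.append(CorsFinding(
            "vary-origin", "info",
            "per-origin Access-Control-Allow-Origin without 'Vary: Origin'"))
    return result


# Assumed allow list for the example.
TRUSTED = {"https://example.com", "https://app.example.com"}

# Constructed sample responses (request Origin, response headers) by scenario.
SAMPLES = {
    "no_cors_header": ("https://evil.example", {"Content-Type": "application/json"}),
    "wildcard_public": ("https://evil.example", {"Access-Control-Allow-Origin": "*"}),
    "reflected_with_credentials": ("https://evil.example", {
        "Access-Control-Allow-Origin": "https://evil.example",
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin"}),
    "null_with_credentials": ("null", {
        "Access-Control-Allow-Origin": "null",
        "Access-Control-Allow-Credentials": "true"}),
    "trusted_origin": ("https://app.example.com", {
        "Access-Control-Allow-Origin": "https://app.example.com",
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin"}),
}


def assess_samples() -> dict[str, str]:
    """Worst severity per constructed scenario."""
    return {name: assess_cors(origin, hdrs, TRUSTED).worst
            for name, (origin, hdrs) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (origin, hdrs) in SAMPLES.items():
        assessment = assess_cors(origin, hdrs, TRUSTED)
        print(f"{name}: {assessment.worst}")
        for finding in assessment.findings:
            print(f"  - [{finding.severity}] {finding.check}: {finding.detail}")
```

To apply this to a real site, send the same request twice with `curl -i -H 'Origin: https://example.test'` and once with `Origin: null`, paste the response headers into `assess_cors`, and then ask the question the checker cannot answer for you: whether the body of that response contains anything that only the cookie, and not an additional per-request token, protects. A reflected origin on a response that is identical for logged-in and anonymous visitors is the "no big deal" case from the threads the reporter found; a reflected origin with credentials on a response that differs per user is the case the report's mitigations are written for.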