WordPress Improper handling of post metadata check

OWASP 2013-A9 OWASP 2017-A9 OWASP PC-C1 PCI v3.2- CAPEC-310 CWE-829 HIPAA-829 WSTG-INFO-03 ISO27001-A.14.1.2

The post metadata are relevant information about a web application’s blog post. A post metadata includes published date, category, author name and many more. In WordPress version 2.5.0-4.7.4, the Post-Meta Data Values are Improperly Handled in XML-RPC. The WordPress uses an XML-RPC interface, which was introduced as an implementation of a WordPress-specific functionality in an API called the WordPress API. These APIs helps to reduce the complexity of the application and could be used wherever possible. The clients should be able to use the APIs beginning with the wp prefix. The WordPress also supports APIs like the Blogger API, metaWeblog API, Movable Type API, and the Pingback API. With the WordPress XML-RPC support, the site administrator can post contents to WordPress blog using any Weblog Clients. The XML-RPC system can be vastly extended to admin’s preferences by using WordPress Plugins to modify its behaviour.

Impact and Fixes

Latest Articles