{"id":"CVE-2017-6514","details":"WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the \"author_name\":\" substring.","modified":"2026-02-13T01:22:44.847270Z","published":"2019-05-22T18:29:00.227Z","references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/108459"},{"type":"ADVISORY","url":"https://web.archive.org/web/20180612235401/https://github.com/CFSECURITE/wordpress"},{"type":"PACKAGE","url":"https://github.com/CFSECURITE/wordpress"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wordpress/wordpress","events":[{"introduced":"0"},{"last_affected":"1ea8e9a4f03f425a6a77c3487528fedd3f33c100"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-6514.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}