Publish Date: July 12, 2019
SummaryWe've identified a vulnerability in the Spiceworks WWW site that would allow an attacker to view the names of people who have published articles through WordPress on the Spiceworks site.
Who’s Affected?At this time, we do not believe anyone was affected by this vulnerability.
DetailsAn attacker could utilize a vulnerable WordPress API that was left publicly accessible on the Spiceworks WWW site to gain the username, first name, and last name of people who have published through WordPress on the site. The attacker could use this information to make compromising the site easier.
Mitigating FactorsIn order to exploit this vulnerability, the attacker would have to purposefully enter the URL of the susceptible API.
Security Update InformationDue to the coordinated disclosure of this vulnerability,...