CVE-2023-5561

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5561

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

W

ordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References
Link Resource
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:42

Type Values Removed Values Added
References () https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html - () https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html -
References () https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ - Exploit, Third Party Advisory () https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 - Third Party Advisory () https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 - Third Party Advisory
Information

Published : 2023-10-16 20:15

Updated : 2025-04-23 17:16

NVD link : CVE-2023-5561

Mitre link : CVE-2023-5561

CVE.ORG link : CVE-2023-5561

JSON object : View

Products Affected

wordpress

CWE
NVD-CWE-noinfo