5.3

CVE-2022-43504

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version < 3.7.40
WordpressWordpress Version >= 3.8 < 3.8.40
WordpressWordpress Version >= 3.9 < 3.9.39
WordpressWordpress Version >= 4.0 < 4.0.37
WordpressWordpress Version >= 4.1 < 4.1.37
WordpressWordpress Version >= 4.2 < 4.2.34
WordpressWordpress Version >= 4.3 < 4.3.30
WordpressWordpress Version >= 4.4 < 4.4.29
WordpressWordpress Version >= 4.5 < 4.5.28
WordpressWordpress Version >= 4.6 < 4.6.25
WordpressWordpress Version >= 4.7 < 4.7.25
WordpressWordpress Version >= 4.8 < 4.8.21
WordpressWordpress Version >= 4.9 < 4.9.22
WordpressWordpress Version >= 5.0 < 5.0.18
WordpressWordpress Version >= 5.1 < 5.1.15
WordpressWordpress Version >= 5.2 < 5.2.17
WordpressWordpress Version >= 5.3 < 5.3.14
WordpressWordpress Version >= 5.4 < 5.4.12
WordpressWordpress Version >= 5.5 < 5.5.11
WordpressWordpress Version >= 5.6 < 5.6.10
WordpressWordpress Version >= 5.7 < 5.7.8
WordpressWordpress Version >= 5.8 < 5.8.6
WordpressWordpress Version >= 5.9 < 5.9.5
WordpressWordpress Version >= 6.0 < 6.0.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.54% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://wordpress.org/download/
Vendor Advisory
Product