5.3

CVE-2023-5561

Exploit

WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress Core 4.7.0 - 6.3.1 - Sensitive Information Exposure via User Search REST Endpoint

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 4.7.27, 4.8.23, 4.9.24, 5.0.20, 5.1.17, 5.2.19, 5.3.16, 5.4.14, 5.5.13, 5.6.12, 5.7.10, 5.8.8, 5.9.8, 6.0.6, 6.1.4, 6.2.3, 6.3.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version >= 4.7 < 4.7.27
WordpressWordpress Version >= 4.8 < 4.8.23
WordpressWordpress Version >= 4.9 < 4.9.24
WordpressWordpress Version >= 5.0 < 5.0.20
WordpressWordpress Version >= 5.1 < 5.1.17
WordpressWordpress Version >= 5.2 < 5.2.19
WordpressWordpress Version >= 5.3 < 5.3.16
WordpressWordpress Version >= 5.4 < 5.4.14
WordpressWordpress Version >= 5.5 < 5.5.13
WordpressWordpress Version >= 5.6 < 5.6.12
WordpressWordpress Version >= 5.7 < 5.7.10
WordpressWordpress Version >= 5.8 < 5.8.8
WordpressWordpress Version >= 5.9 < 5.9.8
WordpressWordpress Version >= 6.0 < 6.0.6
WordpressWordpress Version >= 6.1 < 6.1.4
WordpressWordpress Version >= 6.2 < 6.2.3
WordpressWordpress Version >= 6.3 < 6.3.2
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version 4.7-4.7.26
Version 4.8-4.8.22
Version 4.9-4.9.23
Version 5.0-5.0.19
Version 5.1-5.1.16
Version 5.2-5.2.18
Version 5.3-5.3.15
Version 5.4-5.4.13
Version 5.5-5.5.12
Version 5.6-5.6.11
Version 5.7-5.7.9
Version 5.8-5.8.7
Version 5.9-5.9.7
Version 6.0-6.0.5
Version 6.1-6.1.3
Version 6.2-6.2.2
Version 6.3-6.3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.86% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
Third Party Advisory
Exploit
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20
Third Party Advisory