CVE-2023-5561

Exploit

EPSS 53.02%
Veröffentlicht 16.10.2023 20:15:18
Zuletzt bearbeitet 23.04.2025 17:16:50
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress Core 4.7.0 - 6.3.1 - Sensitive Information Exposure via User Search REST Endpoint

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

Mögliche Gegenmaßnahme

WordPress: Update to one of the following versions, or a newer patched version: 4.7.27, 4.8.23, 4.9.24, 5.0.20, 5.1.17, 5.2.19, 5.3.16, 5.4.14, 5.5.13, 5.6.12, 5.7.10, 5.8.8, 5.9.8, 6.0.6, 6.1.4, 6.2.3, 6.3.2

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 7

NVD 17 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Wordpress Version >= 4.7 < 4.7.27

Wordpress ≫ Wordpress Version >= 4.8 < 4.8.23

Wordpress ≫ Wordpress Version >= 4.9 < 4.9.24

Wordpress ≫ Wordpress Version >= 5.0 < 5.0.20

Wordpress ≫ Wordpress Version >= 5.1 < 5.1.17

Wordpress ≫ Wordpress Version >= 5.2 < 5.2.19

Wordpress ≫ Wordpress Version >= 5.3 < 5.3.16

Wordpress ≫ Wordpress Version >= 5.4 < 5.4.14

Wordpress ≫ Wordpress Version >= 5.5 < 5.5.13

Wordpress ≫ Wordpress Version >= 5.6 < 5.6.12

Wordpress ≫ Wordpress Version >= 5.7 < 5.7.10

Wordpress ≫ Wordpress Version >= 5.8 < 5.8.8

Wordpress ≫ Wordpress Version >= 5.9 < 5.9.8

Wordpress ≫ Wordpress Version >= 6.0 < 6.0.6

Wordpress ≫ Wordpress Version >= 6.1 < 6.1.4

Wordpress ≫ Wordpress Version >= 6.2 < 6.2.3

Wordpress ≫ Wordpress Version >= 6.3 < 6.3.2

Weitere Schwachstelleninformationen

SystemWordPress Core

≫

Produkt WordPress

Version 4.7-4.7.26

Version 4.8-4.8.22

Version 4.9-4.9.23

Version 5.0-5.0.19

Version 5.1-5.1.16

Version 5.2-5.2.18

Version 5.3-5.3.15

Version 5.4-5.4.13

Version 5.5-5.5.12

Version 5.6-5.6.11

Version 5.7-5.7.9

Version 5.8-5.8.7

Version 5.9-5.9.7

Version 6.0-6.0.5

Version 6.1-6.1.3

Version 6.2-6.2.2

Version 6.3-6.3.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	53.02%	0.979

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html

https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/

Third Party Advisory

Exploit

https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/38b63167-e1a6-4279-97cf-900df0651f20

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5561

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5561

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5561

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-5561