CVE-2023-39999

2023-10-1300:00:00

attackerkb.com

wordpress

information exposure

version range

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

56.2%

JSON

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39999

lists.debian.org/debian-lts-announce/2023/11/msg00014.html

lists.fedoraproject.org/archives/list/[email protected]/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/

lists.fedoraproject.org/archives/list/[email protected]/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/

lists.fedoraproject.org/archives/list/[email protected]/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/

patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve