
CVE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

2023-10-16 19:39:10
WPScan
www.cve.org
wordpress
unauthenticated
email disclosure
cve-2023-5561
rest api
oracle attack

AI Score: 5.7 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.7%)

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.

CNA Affected

[
  {
    "vendor": "WordPress",
    "product": "WordPress",
    "versions": [
      {
        "status": "affected",
        "version": "6.3.0",
        "lessThan": "6.3.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.2.0",
        "lessThan": "6.2.3",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.1.0",
        "lessThan": "6.1.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThan": "6.0.6",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.9.0",
        "lessThan": "5.9.8",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.8.0",
        "lessThan": "5.8.8",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.7.0",
        "lessThan": "5.7.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.6.0",
        "lessThan": "5.6.12",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.5.0",
        "lessThan": "5.5.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.4.0",
        "lessThan": "5.4.14",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.3.0",
        "lessThan": "5.3.16",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.2.0",
        "lessThan": "5.2.19",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "5.0.0",
        "lessThan": "5.0.20",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.9.0",
        "lessThan": "4.9.24",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.8.0",
        "lessThan": "4.8.23",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.7.0",
        "lessThan": "4.7.27",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
