CVE-2023-5561

Sažetak

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

Reference

https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

23-04-2025 - 17:16

Objavljeno

16-10-2023 - 20:15