CVE-2023-5561

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-5561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5561
Aliases
Downstream
Published
2023-10-16T20:15:18.073Z
Modified
2026-02-05T09:34:46.560859Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
06fa4161aa74619239cf27017d124081c825684a
Fixed
001372026131225d4039926bb39141710c30b3a2
Introduced
14247ee4302378d292863865c643abe99bbfe3c7
Fixed
03505cd7f9898a337013d638fffb15fb6237ac99
Introduced
537fd931bc02e6e934a2d774422b897871aa87ad
Fixed
068534071426b5794ccde15219f898ba3b2c560f
Introduced
965fcddcf68cf4fd122ae24b992e242dfea1d773
Fixed
078aab979f288508c09e4329628d3b67b1538d11
Introduced
cc101b64012b16d087780657a2b828ccd7794a63
Fixed
105fef7fbd741e358810d5e7fda2fbf9c31ca997
Introduced
058f9903676a7efaee534a682df0a2a8b87574d8
Fixed
1748dbad369310bf3611e175e0272df7e28a3d0d
Introduced
50caeb6e61ad0c49d2c7e1d6d5115047a011f590
Fixed
2324b11a547e10a16618246baf6deb2ed5a35165
Introduced
491c67be12ca8a9fe37ae38307ba7e298c976ec3
Fixed
37f24ed72a9b7d93fac02415e23cc244d2bb2efc
Introduced
9ff4499281663b0c772787fd4a60538288f842e9
Fixed
5362cad58167451efd92a7c669295d10b0dc3e95
Introduced
50dc0ca5bb332c895f0f39fe4e6ee1e4a43e06dc
Fixed
5b4810a879c6bbb32e1b1d0d7c4748243b2f6572
Introduced
c33464a4554cff8a082bc353d9226d8104b80d2b
Fixed
73d4c1c7eabaed5e23e032f889125837bb067d08
Introduced
6fe64752be3260f2a47f38e68c2cb77400e5a0c9
Fixed
974063fd8e375f8c0b9f9eab8267a7dff8f792ea
Introduced
6c5d5b5dcb9712bfc400b09cb6627e42898527af
Fixed
b4591fa6388e470f60c87f6bd0182e577d3621bd
Introduced
73157386d069425c5e6ea7c4fc0122e8a9b58a7b
Fixed
bcb0013f3603bc012836e3367d81b24790dd631a
Introduced
29ffbff370968ae48a1b7a34e35c8b8e75cf0f91
Fixed
ca00907bae8974ddff310fe67726c6946336a63c
Introduced
17e2eff4aa3beb2802cbec12b6f08e2fbf69893d
Fixed
cf8d68b5ac4eec8d39f2f956f681d87720aaa8fb
Introduced
ac3899153a790a6f060dc816ff94812e0fd99875
Fixed
ffb401296259cc20eed753bf0f934221df45e32e

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json"

Git / github.com/wordpress/wordpress-develop

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
4b54a6c2c9a3be775cc6dda66ed207998b068c8f
Fixed
22ed420f9aa0ec9554ec68970f83b91b0faefb1e
Introduced
d05f0a86b23e37b9d97acd9317ff3fd661d64dea
Fixed
2b185061d5bfba8a879e7ef4ceebe924eb840dd9
Introduced
96a6969aab5f0b9362cbc984af230bdfc93022e8
Fixed
36ab647c6df00d567140270e804290d112f9583f
Introduced
31f7ece8503f0dc6ef1df2473ae3f3d352973e12
Fixed
37c9fa52052694a0d193de63c4dfc186e8adf4c3
Introduced
efa83f48bd4ebd066e5efc94b9feefe50e7925a2
Fixed
44f6b667c73c73f311ccf30559bc31323f929882
Introduced
b829903bb0104bfeccc7623946a25cb7ccda1dea
Fixed
4949dc0bdc03e93a7b38fa8a9520e8be34b6bce9
Introduced
e33c9f3203961a823ec8410fc1481f6c87b4e3db
Fixed
4de18d1fbf375f6ce9e7241a14ac90303ef937fd
Introduced
e0bedd676512ace4c5586337c072037298315f79
Fixed
5cef67a85eba41b569214a8242e45c6709acc3c6
Introduced
944a787b8071d3a27f4ac68980c21ed6137db91d
Fixed
611d84e47f9d4e4514932dee42b5cada658d1463
Introduced
895d6a691d7ccdfe80cdf999bc0c8a78d11ad55a
Fixed
7b82e2d10eddbde2bb387e9bc298e091468b0919
Introduced
1c0a2efa5eac05dfd3b7d2b9cfe68e02da55b966
Fixed
7b9658a0bf50ea03b5b85bf9ee135fb61b5ff4ac
Introduced
b3bf6266acd61682bc654845f621b4426645e324
Fixed
93fbaa291a2815c134d1069f7bee7b200265dd73
Introduced
5aa596fee9bf6ea7f0ccc2ed51b16c0f2f04076b
Fixed
a622b8bf311226b38d17bdc4bb65855d2f7138f8
Introduced
2ac9b801ef5c18accf223b093529dacfcf809133
Fixed
bc63b6d24681097c941bd66a4e432435dc499d6e
Introduced
b83a8be65054cd890e24c7c1416ebbb39aeb4c09
Fixed
e5bce454ec3f1d6035b173de7391111956f69813
Introduced
4a6363076129378869f8742ef00a39a7421e6f29
Fixed
e8676f6226fb01cd17222c771717969f42e73505
Introduced
1cf3888655c0eb8b0b0539834ad67db5920190d7
Fixed
ff354fdc5259a23911c2a3843d42c2daabc527e2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json"