CVE-2023-5561

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json
Aliases
Related
Published
2023-10-16T20:15:18Z
Modified
2023-12-06T01:03:17.078449Z
Details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events