CVE-2023-5561

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5561
Aliases
Downstream
Published
2023-10-16T20:15:18Z
Modified
2025-10-14T15:32:55Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events