CVE-2023-5561

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5561.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-5561
Aliases
Related
Published
2023-10-16T20:15:18Z
Modified
2024-05-29T20:52:00Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References

Affected packages

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Introduced
14247ee4302378d292863865c643abe99bbfe3c7
Fixed
03505cd7f9898a337013d638fffb15fb6237ac99
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events
Introduced
efa83f48bd4ebd066e5efc94b9feefe50e7925a2
Fixed
44f6b667c73c73f311ccf30559bc31323f929882