CVE-2023-5561

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5561
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
History

20 Nov 2023, 23:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html -

08 Nov 2023, 19:15

Type Values Removed Values Added
Summary The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

20 Oct 2023, 18:53

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
First Time Wordpress wordpress
Wordpress
CWE CWE-200 NVD-CWE-noinfo
CPE cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
References (MISC) https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ - (MISC) https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ - Exploit, Third Party Advisory
References (MISC) https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 - (MISC) https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 - Third Party Advisory

16 Oct 2023, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-10-16 20:15

Updated : 2023-11-20 23:15

NVD link : CVE-2023-5561

Mitre link : CVE-2023-5561

CVE.ORG link : CVE-2023-5561

JSON object : View

Products Affected

wordpress

  • wordpress
CWE
NVD-CWE-noinfo