← Volver a CVEs
CVE-2023-5561
MEDIUM5.3
Descripcion
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado10/16/2023
Ultima modificacion4/23/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
wordpress:wordpress
Referencias
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html(contact@wpscan.com)
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/(contact@wpscan.com)
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441(contact@wpscan.com)
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html(af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/(af854a3a-2127-422b-91ae-364da2661108)
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.