Description

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

Remediation

References

CVE-2023-5561

Related Vulnerabilities

PostgreSQL Other Vulnerability (CVE-2006-5540)

WordPress Plugin Re-attacher by BestWebSoft Cross-Site Scripting (1.0.8)

WordPress Plugin Enable Media Replace Unspecified Vulnerability (2.9.5)

PHP NULL Pointer Dereference Vulnerability (CVE-2020-7062)

WordPress Plugin PowerPress Podcasting by Blubrry Unspecified Vulnerability (8.6.1)

Severity

Medium

Classification

CVE-2023-5561 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities