Description

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Remediation

References

CVE-2022-43504

Related Vulnerabilities

WordPress Plugin Visual Email Designer for WooCommerce SQL Injection (1.7.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.6.1)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5689)

WordPress 2.2 Cross-Site Scripting Vulnerability (2.2)

WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)

Severity

Medium

Classification

CVE-2022-43504 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities