CVE-2023-5561

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-5561
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5561.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-5561
Aliases
Related
Published
2023-10-16T20:15:18Z
Modified
2024-10-12T11:15:28.218215Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

References

Affected packages

Debian:11 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.7.11+dfsg1-0+deb11u1

Affected versions

5.*

5.7.1+dfsg1-2
5.7.3+dfsg1-0+deb11u1
5.7.5+dfsg1-0+deb11u1
5.7.8+dfsg1-0+deb11u1
5.7.8+dfsg1-0+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.1.6+dfsg1-0+deb12u1

Affected versions

6.*

6.1.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wordpress

Package

Name
wordpress
Purl
pkg:deb/debian/wordpress?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.3.2+dfsg1-1

Affected versions

6.*

6.1.1+dfsg1-1
6.2+dfsg1-1
6.2.1+dfsg1-1
6.2.2+dfsg1-1
6.3+dfsg1-1
6.3.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/wordpress/wordpress

Affected ranges

Type
GIT
Repo
https://github.com/wordpress/wordpress
Events
Type
GIT
Repo
https://github.com/wordpress/wordpress-develop
Events