CVE-2023-5561 - Unspecified vulnerability in WordPress
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE
Summary
WordPress does not properly restrict which user fields are searchable via the REST API. This allows unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
Vulnerable Configurations
References
- https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
- https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
- https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441