CVE-2023-5561
WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
We have discovered 1,079,839 live websites that are affected by CVE-2023-5561.
Affected Software
| | |
|---|---|
| Product | WordPress |
| Category | Content Management System |
| Vulnerable Versions | from 4.7 before 4.7.27; from 4.8 before 4.8.23; from 4.9 before 4.9.24; from 5 before 5.0.20; from 5.2 before 5.2.19; from 5.3 before 5.3.16; from 5.4 before 5.4.14; from 5.5 before 5.5.13; from 5.6 before 5.6.12; from 5.7 before 5.7.10; from 5.8 before 5.8.8; from 5.9 before 5.9.8; from 6 before 6.0.6; from 6.1 before 6.1.4; from 6.2 before 6.2.3; from 6.3 before 6.3.2 |
| Total Vulnerable Versions | 780 |
| Vulnerable Domains | 1,079,839 live websites (9.47% of WordPress install base) |
Common Weakness Enumeration
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Distribution by Website Rank
The diagram shows how the occurrence of CVE-2023-5561 correlates with the relative popularity of websites.