DEBIAN-CVE-2023-5561
PUBLISHED
CVSS 5.3 MEDIUM
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | wordpress | 0 |
| Debian:12 | wordpress | 6.1.1+dfsg1-1, 0, 6.1.1+dfsg1-1 |
| Debian:13 | wordpress | 0, 0, 0 |
| Debian:11 | wordpress | 5.7.1+dfsg1, 5.7.3+dfsg1, 5.7.5+dfsg1 |
Exploit Intelligence
- Updated POC for Unauth Post Author Email Disclosures WordPress CVE-2023-5561 (github-poc-repo)
- CVE-2023-5561-PoC (github-poc-repo)
- CVE-2023-5561-PoC (github-poc)
- Updated POC for Unauth Post Author Email Disclosures WordPress CVE-2023-5561 (github-poc)
- WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack (github-poc)
- Nuclei Template: CVE-2023-5561 (nuclei-template)
Timeline
- Oct 16, 2023 CVE Published
- May 7, 2026 CVE Updated