CVE-2023-5561 - Vulnerability Details

Vendors	Products
Wordpress	Wordpress

Link	Providers
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5561", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2023-10-12T17:42:19.461Z", "datePublished": "2023-10-16T19:39:10.424Z", "dateUpdated": "2025-02-13T17:25:40.695Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-11-20T23:06:10.636Z"}, "title": "WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure", "problemTypes": [{"descriptions": [{"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "WordPress", "product": "WordPress", "versions": [{"status": "affected", "version": "6.3.0", "lessThan": "6.3.2", "versionType": "semver"}, {"status": "affected", "version": "6.2.0", "lessThan": "6.2.3", "versionType": "semver"}, {"status": "affected", "version": "6.1.0", "lessThan": "6.1.4", "versionType": "semver"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.6", "versionType": "semver"}, {"status": "affected", "version": "5.9.0", "lessThan": "5.9.8", "versionType": "semver"}, {"status": "affected", "version": "5.8.0", "lessThan": "5.8.8", "versionType": "semver"}, {"status": "affected", "version": "5.7.0", "lessThan": "5.7.10", "versionType": "semver"}, {"status": "affected", "version": "5.6.0", "lessThan": "5.6.12", "versionType": "semver"}, {"status": "affected", "version": "5.5.0", "lessThan": "5.5.13", "versionType": "semver"}, {"status": "affected", "version": "5.4.0", "lessThan": "5.4.14", "versionType": "semver"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.16", "versionType": "semver"}, {"status": "affected", "version": "5.2.0", "lessThan": "5.2.19", "versionType": "semver"}, {"status": "affected", "version": "5.0.0", "lessThan": "5.0.20", "versionType": "semver"}, {"status": "affected", "version": "4.9.0", "lessThan": "4.9.24", "versionType": "semver"}, {"status": "affected", "version": "4.8.0", "lessThan": "4.8.23", "versionType": "semver"}, {"status": "affected", "version": "4.7.0", "lessThan": "4.7.27", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack"}], "references": [{"url": "https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441", "tags": ["exploit", "vdb-entry", "technical-description"]}, {"url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/", "tags": ["technical-description"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html"}], "credits": [{"lang": "en", "value": "Marc Montpas", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:59:44.898Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/", "tags": ["technical-description", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html", "tags": ["x_transferred"]}]}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-5561 (string)

assignerOrgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

state : PUBLISHED (string)

assignerShortName : WPScan (string)

dateReserved : 2023-10-12T17:42:19.461Z (string)

datePublished : 2023-10-16T19:39:10.424Z (string)

dateUpdated : 2025-02-13T17:25:40.695Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81 (string)

shortName : WPScan (string)

dateUpdated : 2023-11-20T23:06:10.636Z (string)

}

title : WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : CWE-200 Exposure of Sensitive Information to an Unauthorized Actor (string)

lang : en (string)

type : CWE (string)

}

]

}

]

affected : [ »

0 : { »

vendor : WordPress (string)

product : WordPress (string)

versions : [ »

0 : { »

status : affected (string)

version : 6.3.0 (string)

lessThan : 6.3.2 (string)

versionType : semver (string)

}

1 : { »

status : affected (string)

version : 6.2.0 (string)

lessThan : 6.2.3 (string)

versionType : semver (string)

}

2 : { »

status : affected (string)

version : 6.1.0 (string)

lessThan : 6.1.4 (string)

versionType : semver (string)

}

3 : { »

status : affected (string)

version : 6.0.0 (string)

lessThan : 6.0.6 (string)

versionType : semver (string)

}

4 : { »

status : affected (string)

version : 5.9.0 (string)

lessThan : 5.9.8 (string)

versionType : semver (string)

}

5 : { »

status : affected (string)

version : 5.8.0 (string)

lessThan : 5.8.8 (string)

versionType : semver (string)

}

6 : { »

status : affected (string)

version : 5.7.0 (string)

lessThan : 5.7.10 (string)

versionType : semver (string)

}

7 : { »

status : affected (string)

version : 5.6.0 (string)

lessThan : 5.6.12 (string)

versionType : semver (string)

}

8 : { »

status : affected (string)

version : 5.5.0 (string)

lessThan : 5.5.13 (string)

versionType : semver (string)

}

9 : { »

status : affected (string)

version : 5.4.0 (string)

lessThan : 5.4.14 (string)

versionType : semver (string)

}

10 : { »

status : affected (string)

version : 5.3.0 (string)

lessThan : 5.3.16 (string)

versionType : semver (string)

}

11 : { »

status : affected (string)

version : 5.2.0 (string)

lessThan : 5.2.19 (string)

versionType : semver (string)

}

12 : { »

status : affected (string)

version : 5.0.0 (string)

lessThan : 5.0.20 (string)

versionType : semver (string)

}

13 : { »

status : affected (string)

version : 4.9.0 (string)

lessThan : 4.9.24 (string)

versionType : semver (string)

}

14 : { »

status : affected (string)

version : 4.8.0 (string)

lessThan : 4.8.23 (string)

versionType : semver (string)

}

15 : { »

status : affected (string)

version : 4.7.0 (string)

lessThan : 4.7.27 (string)

versionType : semver (string)

}

]

defaultStatus : unaffected (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack (string)

}

]

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 (string)

tags : [ »

0 : exploit (string)

1 : vdb-entry (string)

2 : technical-description (string)

]

}

1 : { »

url : https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ (string)

tags : [ »

0 : technical-description (string)

]

}

2 : { »

url : https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : Marc Montpas (string)

type : finder (string)

}

1 : { »

lang : en (string)

value : WPScan (string)

type : coordinator (string)

}

]

source : { »

discovery : EXTERNAL (string)

}

x_generator : { »

engine : WPScan CVE Generator (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T07:59:44.898Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 (string)

tags : [ »

0 : exploit (string)

1 : vdb-entry (string)

2 : technical-description (string)

3 : x_transferred (string)

]

}

1 : { »

url : https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ (string)

tags : [ »

0 : technical-description (string)

1 : x_transferred (string)

]

}

2 : { »

url : https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

]

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2F659EB-27E2-4149-883B-341A0DD80EB0", "versionEndExcluding": "4.7.27", "versionStartIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "C14B71C7-DD47-4900-8F84-8F7A594E555B", "versionEndExcluding": "4.8.23", "versionStartIncluding": "4.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C274BA0-BBD2-45EC-82EC-CFE0BA0AED0F", "versionEndExcluding": "4.9.24", "versionStartIncluding": "4.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "A923BA69-D672-4133-82EF-AFDDA5DD12DA", "versionEndExcluding": "5.0.20", "versionStartIncluding": "5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A6E55DF-A05B-4420-B63B-0D1BEFB180EA", "versionEndExcluding": "5.1.17", "versionStartIncluding": "5.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC188A6D-DBA2-48CA-B6E2-EBA859AE9FEF", "versionEndExcluding": "5.2.19", "versionStartIncluding": "5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "68F28900-3DC1-45F3-9B62-3347F14ADAB0", "versionEndExcluding": "5.3.16", "versionStartIncluding": "5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "F5470536-6271-4D35-AB38-55DAEEC87980", "versionEndExcluding": "5.4.14", "versionStartIncluding": "5.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "274301F3-C6E4-40DF-90D4-3F597F715150", "versionEndExcluding": "5.5.13", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF1391A3-84EA-469F-AB2A-B6A6AB84703C", "versionEndExcluding": "5.6.12", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDF17959-9854-47FE-87D2-1DEE39B9F460", "versionEndExcluding": "5.7.10", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE3F0CA8-9EAD-456A-A79E-D02473FF6075", "versionEndExcluding": "5.8.8", "versionStartIncluding": "5.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "358A2584-34C0-4E5A-BA24-855FD2092E71", "versionEndExcluding": "5.9.8", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C359F62-24DD-4684-9806-7FBB3F5C10FC", "versionEndExcluding": "6.0.6", "versionStartIncluding": "6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "680CD6CE-8815-44F8-9689-4B2155041E19", "versionEndExcluding": "6.1.4", "versionStartIncluding": "6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "C10ED637-5054-4830-BE95-6F2F1194CCD2", "versionEndExcluding": "6.2.3", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "4ED48F8A-D2AC-45FE-9B5F-231A0666A897", "versionEndExcluding": "6.3.2", "versionStartIncluding": "6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack"}, {"lang": "es", "value": "El complemento Popup Builder de WordPress hasta la versi\u00f3n 4.1.15 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."}], "id": "CVE-2023-5561", "lastModified": "2024-11-21T08:42:01.193", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-16T20:15:18.073", "references": [{"source": "contact@wpscan.com", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html"}, {"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/"}, {"source": "contact@wpscan.com", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E2F659EB-27E2-4149-883B-341A0DD80EB0 (string)

versionEndExcluding : 4.7.27 (string)

versionStartIncluding : 4.7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C14B71C7-DD47-4900-8F84-8F7A594E555B (string)

versionEndExcluding : 4.8.23 (string)

versionStartIncluding : 4.8 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C274BA0-BBD2-45EC-82EC-CFE0BA0AED0F (string)

versionEndExcluding : 4.9.24 (string)

versionStartIncluding : 4.9 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : A923BA69-D672-4133-82EF-AFDDA5DD12DA (string)

versionEndExcluding : 5.0.20 (string)

versionStartIncluding : 5.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A6E55DF-A05B-4420-B63B-0D1BEFB180EA (string)

versionEndExcluding : 5.1.17 (string)

versionStartIncluding : 5.1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : DC188A6D-DBA2-48CA-B6E2-EBA859AE9FEF (string)

versionEndExcluding : 5.2.19 (string)

versionStartIncluding : 5.2 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 68F28900-3DC1-45F3-9B62-3347F14ADAB0 (string)

versionEndExcluding : 5.3.16 (string)

versionStartIncluding : 5.3 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : F5470536-6271-4D35-AB38-55DAEEC87980 (string)

versionEndExcluding : 5.4.14 (string)

versionStartIncluding : 5.4 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 274301F3-C6E4-40DF-90D4-3F597F715150 (string)

versionEndExcluding : 5.5.13 (string)

versionStartIncluding : 5.5 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BF1391A3-84EA-469F-AB2A-B6A6AB84703C (string)

versionEndExcluding : 5.6.12 (string)

versionStartIncluding : 5.6 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : EDF17959-9854-47FE-87D2-1DEE39B9F460 (string)

versionEndExcluding : 5.7.10 (string)

versionStartIncluding : 5.7 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CE3F0CA8-9EAD-456A-A79E-D02473FF6075 (string)

versionEndExcluding : 5.8.8 (string)

versionStartIncluding : 5.8 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 358A2584-34C0-4E5A-BA24-855FD2092E71 (string)

versionEndExcluding : 5.9.8 (string)

versionStartIncluding : 5.9 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 2C359F62-24DD-4684-9806-7FBB3F5C10FC (string)

versionEndExcluding : 6.0.6 (string)

versionStartIncluding : 6.0 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 680CD6CE-8815-44F8-9689-4B2155041E19 (string)

versionEndExcluding : 6.1.4 (string)

versionStartIncluding : 6.1 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : C10ED637-5054-4830-BE95-6F2F1194CCD2 (string)

versionEndExcluding : 6.2.3 (string)

versionStartIncluding : 6.2 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 4ED48F8A-D2AC-45FE-9B5F-231A0666A897 (string)

versionEndExcluding : 6.3.2 (string)

versionStartIncluding : 6.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack (string)

}

1 : { »

lang : es (string)

value : El complemento Popup Builder de WordPress hasta la versión 4.1.15 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting almacenados incluso cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio). (string)

}

]

id : CVE-2023-5561 (string)

lastModified : 2024-11-21T08:42:01.193 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-10-16T20:15:18.073 (string)

references : [ »

0 : { »

source : contact@wpscan.com (string)

url : https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html (string)

}

1 : { »

source : contact@wpscan.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ (string)

}

2 : { »

source : contact@wpscan.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/ (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441 (string)

}

]

sourceIdentifier : contact@wpscan.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object