WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-10-16T19:39:10.424Z
Updated: 2024-08-02T07:59:44.898Z
Reserved: 2023-10-12T17:42:19.461Z
Link: CVE-2023-5561
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-10-16T20:15:18.073
Modified: 2023-11-20T23:15:06.797
Link: CVE-2023-5561
Redhat
No data.