WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.
History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-10-16T19:39:10.424Z

Updated: 2024-08-02T07:59:44.898Z

Reserved: 2023-10-12T17:42:19.461Z

Link: CVE-2023-5561

Vulnrichment

No data.

NVD

Status: Modified

Published: 2023-10-16T20:15:18.073

Modified: 2023-11-20T23:15:06.797

Link: CVE-2023-5561

Redhat

No data.