Lucene search
K

6 matches found

Debian
Debian
added 2023/11/20 9:26 p.m.45 views

[SECURITY] [DLA 3658-1] wordpress security update

Debian LTS Advisory DLA-3658-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 20, 2023 https://wiki.debian.org/LTS Package : wordpress Version : 5.0.20+dfsg1-0+deb10u1 CVE ID : CVE-2023-5561 CVE-2023-39999 Several security vulnerabilities have been...

5.3CVSS6.3AI score0.03862EPSS
Exploits5
NVD
NVD
added 2023/10/16 8:15 p.m.33 views

CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS5.4AI score0.03862EPSS
Exploits4References3
OSV
OSV
added 2023/10/16 8:15 p.m.7 views

DEBIAN-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS6.3AI score0.03862EPSS
Exploits4References1
UbuntuCve
UbuntuCve
added 2023/10/16 8:15 p.m.96 views

CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS6.5AI score0.03862EPSS
Exploits4References2
OSV
OSV
added 2023/10/16 8:15 p.m.5 views

UBUNTU-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS5.8AI score0.03862EPSS
Exploits4References3
OSV
OSV
added 2023/10/16 7:39 p.m.43 views

CVE-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS6.5AI score0.03862EPSS
Exploits4References5
Rows per page
Query Builder