CVE-2022-43504 — Improper Authentication in Wordpress

CWE-287 — Improper Authentication5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

2.9%

top 13.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Wordpress.org Wordpress

Timeline

PublishedDec 5

Description

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDwordpress/wordpress3.8 — 3.8.40+23

▶Debianwordpress/wordpress< 5.7.8+dfsg1-0+deb11u1+3

▶CVEListV5wordpress.org/wordpressversions prior to 6.0.3

Patches

Patch: wordpress.org ↗Patch: wordpress.org ↗

🔴Vulnerability Details

CVEList

CVE-2022-43504: Improper authentication vulnerability in WordPress versions prior to 6↗2022-12-05

▶

OSV

CVE-2022-43504: Improper authentication vulnerability in WordPress versions prior to 6↗2022-12-05

▶

GHSA

GHSA-h8vf-v4qw-mvq4: Improper authentication vulnerability in WordPress versions prior to 6↗2022-12-05

▶

📋Vendor Advisories

Debian

CVE-2022-43504: wordpress - Improper authentication vulnerability in WordPress versions prior to 6.0.3 allow...↗2022

▶