CVE-2023-39999: Sensitive Information Exposure in WordPress

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.9% (top 24.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 13

Description

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 th

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

NVD | wordpress/wordpress | 6.3 | 6.3.2 | +22
Debian | wordpress/wordpress | < 5.7.11+dfsg1-0+deb11u1 | +3
CVEListV5 | wordpress.org/wordpress | 6.3 | 6.3.1 | +22

Also affects: Fedora 37, 38

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2023-39999: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6 | 2023-10-13
CVEList
WordPress < 6.3.2 is vulnerable to Broken Access Control | 2023-10-13
GHSA
GHSA-4pqc-j77p-x3p2: Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6 | 2023-10-13

📋 Vendor Advisories (1)

Debian
CVE-2023-39999: wordpress - Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3... | 2023