CVE-2023-5692
published 2024-04-05

Priority: P4 28 | medium 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 0.74% (50.0th percentile)

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
debian | wordpress | < wordpress 6.5+dfsg1-1 (forky) | wordpress 6.5+dfsg1-1 (forky)
wordpress | wordpress | >= 0 < 6.5+dfsg1-1 | 6.5+dfsg1-1
wordpress | wordpress | >= 0 < 6.5+dfsg1-1 | 6.5+dfsg1-1
wordpress_foundation | wordpress | <= 6.4.3 |

CVSS provenance

nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv | 5.3 | MEDIUM
vendor_debian | 5.3 | MEDIUM