CVE-2022-43504
WordPress Core < 6.0.3 - Information Disclosure (Email Address)
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.
Una vulnerabilidad de autenticación inadecuada en las versiones de WordPress anteriores a la 6.0.3 permite que un atacante remoto no autenticado obtenga la dirección de correo electrónico del usuario que publicó un blog utilizando WordPress Post by Email Feature. El desarrollador también proporciona nuevas versiones parcheadas para todas las versiones desde la 3.7.
WordPress Core is vulnerable to Information Disclosure of in versions up to 6.0.3. When the post by email functionality is enabled, it may log post author's email addresses in a way that may be publicly accessible. This could make it possible for attackers to steal post author's email addresses and use that for further attacks.
*Credits:
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-10-18 CVE Published
- 2022-10-22 CVE Reserved
- 2024-06-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-287: Improper Authentication
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://jvn.jp/en/jp/JVN09409909/index.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release | 2023-02-03 |
| URL | Date | SRC |
|---|---|---|
| https://wordpress.org/download | 2023-02-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | < 3.7.40 Search vendor "Wordpress" for product "Wordpress" and version " < 3.7.40" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 3.8 < 3.8.40 Search vendor "Wordpress" for product "Wordpress" and version " >= 3.8 < 3.8.40" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 3.9 < 3.9.39 Search vendor "Wordpress" for product "Wordpress" and version " >= 3.9 < 3.9.39" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.0 < 4.0.37 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.0 < 4.0.37" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.1 < 4.1.37 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.1 < 4.1.37" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.2 < 4.2.34 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.2 < 4.2.34" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.3 < 4.3.30 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.3 < 4.3.30" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.4 < 4.4.29 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.4 < 4.4.29" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.5 < 4.5.28 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.5 < 4.5.28" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.6 < 4.6.25 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.6 < 4.6.25" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.7 < 4.7.25 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.7 < 4.7.25" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.8 < 4.8.21 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.8 < 4.8.21" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 4.9 < 4.9.22 Search vendor "Wordpress" for product "Wordpress" and version " >= 4.9 < 4.9.22" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.0 < 5.0.18 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.0 < 5.0.18" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.1 < 5.1.15 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.1 < 5.1.15" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.2 < 5.2.17 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.2 < 5.2.17" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.3 < 5.3.14 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.3 < 5.3.14" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.4 < 5.4.12 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.4 < 5.4.12" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.5 < 5.5.11 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.5 < 5.5.11" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.6 < 5.6.10 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.6 < 5.6.10" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.7 < 5.7.8 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.7 < 5.7.8" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.8 < 5.8.6 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.8 < 5.8.6" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 5.9 < 5.9.5 Search vendor "Wordpress" for product "Wordpress" and version " >= 5.9 < 5.9.5" | - |
Affected
| ||||||
| Wordpress Search vendor "Wordpress" | Wordpress Search vendor "Wordpress" for product "Wordpress" | >= 6.0 < 6.0.3 Search vendor "Wordpress" for product "Wordpress" and version " >= 6.0 < 6.0.3" | - |
Affected
| ||||||