CVE-2023-39999
WordPress < 6.3.2 is vulnerable to Broken Access Control
Public Exploits: 1
Exploited in Wild: -
Descriptions
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.3.1 via the comments listing. This allows authenticated users, with contributor-level privileges or above, to view comments on protected posts.
SSVC
- Decision: -
Timeline
- 2023-08-08 CVE Reserved
- 2023-10-12 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-10-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
- CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs
References (6)
URL | Date | SRC |
---|---|---|
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve | 2024-08-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wordpress | Wordpress | >= 4.1 <= 4.1.38 | - | Affected |
Wordpress | Wordpress | >= 4.2 <= 4.2.35 | - | Affected |
Wordpress | Wordpress | >= 4.3 <= 4.3.31 | - | Affected |
Wordpress | Wordpress | >= 4.4 <= 4.4.30 | - | Affected |
Wordpress | Wordpress | >= 4.5 <= 4.5.29 | - | Affected |
Wordpress | Wordpress | >= 4.6 <= 4.6.26 | - | Affected |
Wordpress | Wordpress | >= 4.7 <= 4.7.26 | - | Affected |
Wordpress | Wordpress | >= 4.8 <= 4.8.22 | - | Affected |
Wordpress | Wordpress | >= 4.9 <= 4.9.23 | - | Affected |
Wordpress | Wordpress | >= 5.0 <= 5.0.19 | - | Affected |
Wordpress | Wordpress | >= 5.1 <= 5.1.16 | - | Affected |
Wordpress | Wordpress | >= 5.2 <= 5.2.18 | - | Affected |
Wordpress | Wordpress | >= 5.3 <= 5.3.15 | - | Affected |
Wordpress | Wordpress | >= 5.4 <= 5.4.13 | - | Affected |
Wordpress | Wordpress | >= 5.5 <= 5.5.12 | - | Affected |
Wordpress | Wordpress | >= 5.6 <= 5.6.11 | - | Affected |
Wordpress | Wordpress | >= 5.7 <= 5.7.9 | - | Affected |
Wordpress | Wordpress | >= 5.8 <= 5.8.7 | - | Affected |
Wordpress | Wordpress | >= 5.9 <= 5.9.7 | - | Affected |
Wordpress | Wordpress | >= 6.0 <= 6.0.5 | - | Affected |
Wordpress | Wordpress | >= 6.1 <= 6.1.3 | - | Affected |
Wordpress | Wordpress | >= 6.2 <= 6.2.2 | - | Affected |
Wordpress | Wordpress | >= 6.3 < 6.3.2 | - | Affected |
Fedoraproject | Fedora | 37 | - | Affected |
Fedoraproject | Fedora | 38 | - | Affected |