Security Advisory

CVE-2023-5561

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:39:10

Last updated 2025-04-23 16:12:25

Assigner WPScan

State PUBLISHED

Description

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

← Browse all CVEs View on cve.org ↗