Cyber Resilience

CVE-2023-5561

Severity: Medium · Public PoC available

Published: 16 October 2023
Modified: 23 April 2025
KEV Added: not listed
Patch: WordPress 6.3.2
CVSS v3.1 score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS score: 0.5302 (98.0th percentile)
Risk Priority: 42 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-5561 is a medium-severity information disclosure vulnerability in WordPress (vendor: wordpress, product: wordpress). Its CVSS v3.1 base score is 5.3 (Medium).

Operationally, it ranks in the top 2.0% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

WordPress contains an information disclosure vulnerability because it does not properly restrict which user fields are searchable through the REST API. The flaw affects sites running versions prior to the 6.3.2 release and enables queries against user data associated with public posts.

Unauthenticated attackers can issue crafted REST API requests that function as an oracle, allowing them to enumerate and confirm the email addresses of any users who have published public posts. The attack requires no authentication or user interaction and results only in limited confidentiality impact, reflected in the CVSS 5.3 score.
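The oracle described above, as an added example that is not WordPress code and not from the original page. It models the anonymous users listing as a substring search over a constructed user table and assumes, from the fixed WordPress behaviour rather than from this page, that the REST `search` parameter drives the match, that a term containing "@" was matched against the email column before 6.3.2, and that the patched server limits an anonymous caller to non-email columns. The response never carries the email itself; the attacker only learns whether the target author is still in the result list, which is enough to grow the address one character at a time.

```python
"""Model of the CVE-2023-5561 email oracle (added example, not WordPress code).

Assumed for illustration: the anonymous /wp/v2/users listing applies the REST
`search` parameter as a substring match; pre-6.3.2 a term containing '@' was
matched against user_email; the patched server restricts the columns an
anonymous caller may search. Only authors with public posts are ever listed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class User:
    id: int
    login: str
    nicename: str
    display_name: str
    email: str
    has_public_posts: bool


# Constructed sample user table (hypothetical accounts, not real data).
USERS = [
    User(1, "admin", "admin", "Site Admin", "alice@corp.example", True),
    User(2, "editor", "editor", "Bob Editor", "bob@corp.example", True),
    User(3, "lurker", "lurker", "Carol", "carol@corp.example", False),
]

# Columns a caller without list_users may search after the fix (model).
PATCHED_ANON_COLUMNS = ("id", "login", "nicename", "display_name")


def search_columns(term: str, patched: bool, can_list_users: bool) -> Tuple[str, ...]:
    """Simplified model of how the search term selects its columns."""
    if patched and not can_list_users:
        return PATCHED_ANON_COLUMNS
    if "@" in term:  # pre-patch: a term with '@' is matched against emails
        return ("email",)
    return ("login", "nicename", "display_name", "email")


def rest_users_search(term: str, patched: bool, can_list_users: bool = False) -> List[dict]:
    """Model of GET /wp-json/wp/v2/users?search=<term>; no email in the output."""
    cols = search_columns(term, patched, can_list_users)
    results = []
    for u in USERS:
        if not can_list_users and not u.has_public_posts:
            continue  # anonymous callers only see authors with public posts
        fields = {"id": str(u.id), "login": u.login, "nicename": u.nicename,
                  "display_name": u.display_name, "email": u.email}
        if any(term in fields[c] for c in cols):
            results.append({"id": u.id, "name": u.display_name})
    return results


ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789.@-_+"


def enumerate_email(target_id: int, patched: bool) -> Tuple[Optional[str], int]:
    """Recover one author's email by growing a substring around the '@'.

    Every email contains '@', so "@" is the seed probe. The substring is then
    extended to the right (domain) and to the left (local part), keeping any
    extension for which the target still appears in the results.
    Returns (email or None, number of requests issued).
    """
    probes = 0

    def hits(term: str) -> bool:
        nonlocal probes
        probes += 1
        return any(r["id"] == target_id for r in rest_users_search(term, patched))

    if not hits("@"):
        return None, probes  # target not exposed, or the server is patched
    found = "@"
    for grow in (lambda s, c: s + c, lambda s, c: c + s):
        grown = True
        while grown:
            grown = False
            for c in ALPHABET:
                if hits(grow(found, c)):
                    found = grow(found, c)
                    grown = True
                    break
    return found, probes


if __name__ == "__main__":
    for uid in (1, 2, 3):
        print(uid, "vulnerable:", enumerate_email(uid, patched=False),
              "patched:", enumerate_email(uid, patched=True))
```

Two limits the page states fall out of the model: the account without public posts is never reachable, and a caller who holds the list_users capability can still search by email after the fix, because the restriction applies only to anonymous and low-privilege callers.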

Advisories from Debian and WPScan indicate that the issue was resolved in WordPress 6.3.2; site administrators are advised to apply the update promptly. Corresponding Debian LTS packages were also released to address the vulnerability in supported distributions.

The CVE carries an EPSS score that reached a peak of 0.6487 before settling at the current value of 0.5302.

Vulnerability details

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an oracle-style attack.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

wordpress / wordpress (vendor / product): 4.7 to 4.7.27 · 4.8 to 4.8.23 · 4.9 to 4.9.24

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
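Since no controls are mapped, here is a detection-side check a SOC could run over web-server access logs, as an added example that is not from the page or from WordPress. It assumes the default REST request shapes WordPress serves (the /wp-json/ prefix and the ?rest_route= fallback) and treats a `search` value containing "@" against the users endpoint as the signal; the log lines are constructed for illustration.

```python
"""Triage of access logs for CVE-2023-5561 email-oracle probing (added example).

Assumed: default WordPress REST URL shapes (/wp-json/... and /?rest_route=...).
The sample log lines below are constructed, not captured from a real server.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed common-log-format lines. The first client walks an email
# substring one character at a time; the second issues ordinary searches.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Oct/2023:10:01:02 +0000] "GET /wp-json/wp/v2/users?search=%40 HTTP/1.1" 200 512
203.0.113.7 - - [17/Oct/2023:10:01:03 +0000] "GET /wp-json/wp/v2/users?search=%40c HTTP/1.1" 200 512
203.0.113.7 - - [17/Oct/2023:10:01:03 +0000] "GET /wp-json/wp/v2/users?search=%40co HTTP/1.1" 200 512
203.0.113.7 - - [17/Oct/2023:10:01:04 +0000] "GET /wp-json/wp/v2/users?search=%40cor HTTP/1.1" 200 512
203.0.113.7 - - [17/Oct/2023:10:01:04 +0000] "GET /?rest_route=/wp/v2/users&search=%40corp HTTP/1.1" 200 512
203.0.113.7 - - [17/Oct/2023:10:01:05 +0000] "GET /wp-json/wp/v2/users?search=a%40corp HTTP/1.1" 200 2
198.51.100.4 - - [17/Oct/2023:10:02:00 +0000] "GET /wp-json/wp/v2/users?search=bob HTTP/1.1" 200 512
198.51.100.4 - - [17/Oct/2023:10:02:01 +0000] "GET /wp-json/wp/v2/posts?search=budget HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def users_search_term(target: str) -> Optional[str]:
    """Decoded `search` value if `target` queries the users endpoint, else None."""
    parsed = urlparse(target)
    query = parse_qs(parsed.query)
    route = parsed.path
    if "rest_route" in query:  # /?rest_route=/wp/v2/users form
        route = query["rest_route"][0]
    if not route.rstrip("/").endswith("/wp/v2/users"):
        return None
    return query.get("search", [None])[0]


def detect_email_oracle(log_text: str, threshold: int = 3) -> Dict[str, List[str]]:
    """Clients that sent at least `threshold` distinct '@'-bearing user searches."""
    terms_by_ip: Dict[str, List[str]] = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        term = users_search_term(m["target"])
        if term is not None and "@" in term:
            terms_by_ip[m["ip"]].append(term)
    return {ip: terms for ip, terms in terms_by_ip.items() if len(set(terms)) >= threshold}


if __name__ == "__main__":
    for ip, terms in detect_email_oracle(SAMPLE_LOG).items():
        print(f"{ip}: {len(terms)} email-oracle probes, first {terms[:3]}")
```

Treat a hit as a triage signal rather than a confirmed compromise: access logs do not record whether the caller was authenticated, and an editor with the list_users capability searching by email is legitimate. A patched site still receives the probes, so a flagged source tells you scanning occurred, not that it succeeded; the response size can hint at an empty result but is not reliable on its own.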
