CVE-2022-43504

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions WordPress versions prior to 6.0.3

Description The issue allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.

Recommendations For WordPress versions prior to 6.0.3, update to version 6.0.3 or later to resolve the issue. As a temporary workaround, consider disabling the WordPress Post by Email Feature until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BIT-WORDPRESS-2022-43504

BIT-WORDPRESS-MULTISITE-2022-43504

CVE-2022-43504

DSA-5279-1

DSA-5279-2

Affected Products

Wordpress

CVE-2022-43504

Weakness Enumeration

Related Identifiers

Affected Products

References · 15