Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43504

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Published

2022-12-05T04:15:10.610

Last Modified

2025-04-24T14:15:37.990

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-287
Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wordpress	wordpress	< 3.7.40	Yes
Application	wordpress	wordpress	< 3.8.40	Yes
Application	wordpress	wordpress	< 3.9.39	Yes
Application	wordpress	wordpress	< 4.0.37	Yes
Application	wordpress	wordpress	< 4.1.37	Yes
Application	wordpress	wordpress	< 4.2.34	Yes
Application	wordpress	wordpress	< 4.3.30	Yes
Application	wordpress	wordpress	< 4.4.29	Yes
Application	wordpress	wordpress	< 4.5.28	Yes
Application	wordpress	wordpress	< 4.6.25	Yes
Application	wordpress	wordpress	< 4.7.25	Yes
Application	wordpress	wordpress	< 4.8.21	Yes
Application	wordpress	wordpress	< 4.9.22	Yes
Application	wordpress	wordpress	< 5.0.18	Yes
Application	wordpress	wordpress	< 5.1.15	Yes
Application	wordpress	wordpress	< 5.2.17	Yes
Application	wordpress	wordpress	< 5.3.14	Yes
Application	wordpress	wordpress	< 5.4.12	Yes
Application	wordpress	wordpress	< 5.5.11	Yes
Application	wordpress	wordpress	< 5.6.10	Yes
Application	wordpress	wordpress	< 5.7.8	Yes
Application	wordpress	wordpress	< 5.8.6	Yes
Application	wordpress	wordpress	< 5.9.5	Yes
Application	wordpress	wordpress	< 6.0.3	Yes

References

https://jvn.jp/en/jp/JVN09409909/index.html Third Party Advisory ([email protected])
https://wordpress.org/download/ Product, Vendor Advisory ([email protected])
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ Patch, Release Notes, Vendor Advisory ([email protected])
https://jvn.jp/en/jp/JVN09409909/index.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/download/ Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ Patch, Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)