Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-39999

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

Published

2023-10-13T12:15:09.970

Last Modified

2024-11-21T08:16:12.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-200
Type: Secondary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wordpress	wordpress	≤ 4.1.38	Yes
Application	wordpress	wordpress	≤ 4.2.35	Yes
Application	wordpress	wordpress	≤ 4.3.31	Yes
Application	wordpress	wordpress	≤ 4.4.30	Yes
Application	wordpress	wordpress	≤ 4.5.29	Yes
Application	wordpress	wordpress	≤ 4.6.26	Yes
Application	wordpress	wordpress	≤ 4.7.26	Yes
Application	wordpress	wordpress	≤ 4.8.22	Yes
Application	wordpress	wordpress	≤ 4.9.23	Yes
Application	wordpress	wordpress	≤ 5.0.19	Yes
Application	wordpress	wordpress	≤ 5.1.16	Yes
Application	wordpress	wordpress	≤ 5.2.18	Yes
Application	wordpress	wordpress	≤ 5.3.15	Yes
Application	wordpress	wordpress	≤ 5.4.13	Yes
Application	wordpress	wordpress	≤ 5.5.12	Yes
Application	wordpress	wordpress	≤ 5.6.11	Yes
Application	wordpress	wordpress	≤ 5.7.9	Yes
Application	wordpress	wordpress	≤ 5.8.7	Yes
Application	wordpress	wordpress	≤ 5.9.7	Yes
Application	wordpress	wordpress	≤ 6.0.5	Yes
Application	wordpress	wordpress	≤ 6.1.3	Yes
Application	wordpress	wordpress	≤ 6.2.2	Yes
Application	wordpress	wordpress	< 6.3.2	Yes
Operating System	fedoraproject	fedora	37	Yes
Operating System	fedoraproject	fedora	38	Yes

References

https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/ Mailing List, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/[email protected]/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/ Mailing List, Third Party Advisory ([email protected])
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve Exploit, Patch, Third Party Advisory ([email protected])
https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/ Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve Exploit, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)