Vulnerability Details : CVE-2023-5692
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
Exploit prediction scoring system (EPSS) score for CVE-2023-5692
EPSS score: 3.14% (probability of exploitation activity in the next 30 days)
Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-5692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Wordfence | 2024-04-05 |
References for CVE-2023-5692
- https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
  WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
- https://developer.wordpress.org/reference/functions/is_post_type_viewable/
  is_post_type_viewable() – Function | Developer.WordPress.org
- https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
  wordpress-develop/src/wp-includes/canonical.php at 6.3 · WordPress/wordpress-develop · GitHub
- https://core.trac.wordpress.org/changeset/57645
- https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
  is_post_publicly_viewable() – Function | Developer.WordPress.org