Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.
Max CVSS
5.3
EPSS Score
0.16%
Published
2022-12-05
Updated
2023-02-03
A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.
Max CVSS
6.5
EPSS Score
0.05%
Published
2022-04-18
Updated
2022-04-25
2 vulnerabilities found