CVE-2022-43504

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Link	Resource
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/	Patch Release Notes
https://jvn.jp/en/jp/JVN09409909/index.html	Third Party Advisory
https://wordpress.org/download/	Product Vendor Advisory

Configuration 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

---

Published : 2022-12-05 04:15

Updated : 2023-02-03 04:58

---

NVD link : CVE-2022-43504

Mitre link : CVE-2022-43504

No products.

CWE-287