CVE-2023-39999

MEDIUM

Wordpress < 4.1.38 - Information Disclosure

Title source: rule

Description

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

References (6)

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/

[Exploit, Patch, Third Party Advisory] https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve

Scores

CVSS v3 4.3

EPSS 0.0089

EPSS Percentile 75.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (3)

wordpress/wordpress < 4.1.38

fedoraproject/fedora

fedoraproject/fedora

Timeline

Published Oct 13, 2023

Tracked Since Feb 18, 2026