CVE-2023-5561

MEDIUM NUCLEI

WordPress 4.7-4.7.26 - Unauthenticated Email Address Disclosure via REST API Oracle Attack

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-5561. PoCs published by pog007, rootxsushant, dthkhang. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits CVE-2023-5561, an information leakage vulnerability in WordPress REST API, allowing unauthenticated attackers to discern user email addresses via an Oracle-style attack. The script brute-forces email domains and IDs by leveraging the API's improper search field restrictions.

Description

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

Exploits (3)

nomisec WORKING POC 4 stars
by pog007 · poc
https://github.com/pog007/CVE-2023-5561-PoC

This PoC exploits CVE-2023-5561, an information leakage vulnerability in WordPress REST API, allowing unauthenticated attackers to discern user email addresses via an Oracle-style attack. The script brute-forces email domains and IDs by leveraging the API's improper search field restrictions.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: WordPress (unspecified version, affected by CVE-2023-5561)
No auth needed
Prerequisites: Target WordPress site with REST API exposed · Users with public posts
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by rootxsushant · poc
https://github.com/rootxsushant/CVE-2023-5561-POC-Updated

This PoC exploits CVE-2023-5561, a WordPress REST API vulnerability, to brute-force user email addresses by leveraging the search parameter in the /wp-json/wp/v2/users endpoint. It includes a 10-second delay between requests to avoid detection.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: WordPress (versions affected by CVE-2023-5561)
No auth needed
Prerequisites: Target WordPress site with vulnerable REST API endpoint · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by dthkhang · poc
https://github.com/dthkhang/CVE-2023-5561-PoC

This PoC exploits CVE-2023-5561 to enumerate WordPress user email addresses via the `/wp-json/wp/v2/users` API endpoint by brute-forcing domain names. It uses multiprocessing to efficiently test possible email combinations.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: WordPress (unspecified version)
No auth needed
Prerequisites: Target WordPress site with vulnerable `/wp-json/wp/v2/users` endpoint · Python 3.x with `requests` library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress Core - Post Author Email Disclosure
MEDIUMVERIFIEDby nqdung2002
Shodan: cpe:"cpe:2.3:a:wordpress:wordpress" || http.component:"wordpress"
FOFA: body="oembed" && body="wp-"

References (3)

Core 3

Scores

CVSS v3 5.3
EPSS 0.0386
EPSS Percentile 88.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

Status published
Products (1)
wordpress/wordpress 4.7 - 4.7.27
Published Oct 16, 2023
Tracked Since Feb 18, 2026