WordPress 6.4.3 Sensitive Info Exposure via redirect_guess_404_permalink
CVE-2023-5692 Published on April 5, 2024

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

NVD

Timeline

2023-10-10

Vendor Notified

2024-04-04

Disclosed 177 days later.

Products Associated with CVE-2023-5692

Want to know whenever a new CVE is published for WordPress? stack.watch will email you.

WordPress

Affected Versions

WordPress Foundation WordPress:

Version *, <= 6.4.3 is affected.

Exploit Probability

EPSS

0.86%

Percentile

74.91%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

WordPress 6.4.3 Sensitive Info Exposure via redirect_guess_404_permalinkCVE-2023-5692 Published on April 5, 2024

Timeline

Products Associated with CVE-2023-5692

Affected Versions

Exploit Probability

WordPress 6.4.3 Sensitive Info Exposure via redirect_guess_404_permalink
CVE-2023-5692 Published on April 5, 2024