WordPress 6.4.3 Sensitive Info Exposure via redirect_guess_404_permalink
CVE-2023-5692 Published on April 5, 2024

WordPress Core <= 6.4.3 - Sensitive Information Exposure via redirect_guess_404_permalink
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

Timeline

Vendor Notified

Disclosed 177 days later.

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2023-5692 has been classified as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2023-5692


Affected Versions

WordPress Foundation WordPress:

Exploit Probability

EPSS: 1.08%

Percentile: 77.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.