debian · CVE-2023-5561

Quick triage

Priority: not yet assigned Published: Updated: Wed, 15 Jul 2026 01:44:39 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-5561 not yet assigned priority: Debian including 1 source packages (wordpress), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack

cvelogic Threat Intelligence