View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2023-5561 not yet assigned priority: Debian including 1 source packages (wordpress), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack