CVE-2023-5692

Severity CVSS v4.0:

Pending analysis

Type:

CWE-200 Information Leak / Disclosure

Publication date:

05/04/2024

Last modified:

15/04/2026

Description

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose &#39;publicly_queryable&#39; post status has been set to &#39;false&#39;.

Impact

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.30 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): None

Base Score 3.x

5.30

Severity 3.x

MEDIUM

References to Advisories, Solutions, and Tools

https://core.trac.wordpress.org/changeset/57645
https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
https://developer.wordpress.org/reference/functions/is_post_type_viewable/
https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
https://core.trac.wordpress.org/changeset/57645
https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
https://developer.wordpress.org/reference/functions/is_post_type_viewable/
https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve