Unrated severityNVD Advisory· Published Dec 5, 2022· Updated Apr 24, 2025

CVE-2022-43504

Description

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Affected products

osv-coords2 versions
pkg:bitnami/wordpress pkg:bitnami/wordpress-multisite
< 3.7.40+ 1 more
- (no CPE)range: < 3.7.40
- (no CPE)range: < 3.7.40
WordPress.org/WordPressv5
Range: versions prior to 6.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN09409909/index.htmlmitre
wordpress.org/download/mitre
wordpress.org/news/2022/10/wordpress-6-0-3-security-release/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000