WordPress < 6.3.2 is vulnerable to Broken Access Control
Description
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4>=4.1, <=6.3.1 (multiple ranges stated)+ 1 more
- (no CPE)range: >=4.1, <=6.3.1 (multiple ranges stated)
- (no CPE)range: 6.3
- osv-coords2 versions
>= 4.1.0, < 4.1.39+ 1 more
- (no CPE)range: >= 4.1.0, < 4.1.39
- (no CPE)range: >= 4.1.0, < 4.1.39
Patches
Vulnerability mechanics
References
6- patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisorymitrethird-party-advisory
- patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerabilitymitrevdb-entry
- lists.debian.org/debian-lts-announce/2023/11/msg00014.htmlmitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EVFT4DPZRFTXJPEPADM22BZVIUD2P66/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCCVDPKOK57WCTH2QJ5DJM3B53RJNZKA/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQBL4ZQCBFNQ76XHM5257CIBFQRGT5QY/mitre
News mentions
0No linked articles in our index yet.