CVE-2022-43504

Description

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Affected packages (3)

• Bitnami/wordpressfrom 0, < 3.7.40, >= 3.8.0, < 3.8.40, >= 3.9.0, < 3.9.39, >= 4.0.0, < 4.0.37, >= 4.1.0, < 4.1.37, >= 4.2.0, < 4.2.34, >= 4.3.0, < 4.3.30, >= 4.4.0, < 4.4.29, >= 4.5.0, < 4.5.28, >= 4.6.0, < 4.6.25, >= 4.7.0, < 4.7.25, >= 4.8.0, < 4.8.21, >= 4.9.0, < 4.9.22, >= 5.0.0, < 5.0.18, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.17, >= 5.3.0, < 5.3.14, >= 5.4.0, < 5.4.12, >= 5.5.0, < 5.5.11, >= 5.6.0, < 5.6.10, >= 5.7.0, < 5.7.8, >= 5.8.0, < 5.8.6, >= 5.9.0, < 5.9.5, >= 6.0.0, < 6.0.3
• Bitnami/wordpress-multisitefrom 0, < 3.7.40, >= 3.8.0, < 3.8.40, >= 3.9.0, < 3.9.39, >= 4.0.0, < 4.0.37, >= 4.1.0, < 4.1.37, >= 4.2.0, < 4.2.34, >= 4.3.0, < 4.3.30, >= 4.4.0, < 4.4.29, >= 4.5.0, < 4.5.28, >= 4.6.0, < 4.6.25, >= 4.7.0, < 4.7.25, >= 4.8.0, < 4.8.21, >= 4.9.0, < 4.9.22, >= 5.0.0, < 5.0.18, >= 5.1.0, < 5.1.15, >= 5.2.0, < 5.2.17, >= 5.3.0, < 5.3.14, >= 5.4.0, < 5.4.12, >= 5.5.0, < 5.5.11, >= 5.6.0, < 5.6.10, >= 5.7.0, < 5.7.8, >= 5.8.0, < 5.8.6, >= 5.9.0, < 5.9.5, >= 6.0.0, < 6.0.3
• Debian/wordpressfrom 0, < 5.7.8+dfsg1-0+deb11u1

CVSS scores

References (5)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-43504
• WEBhttps://jvn.jp/en/jp/JVN09409909/index.html
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-43504
• WEBhttps://wordpress.org/download/
• WEBhttps://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/