Home > Vulnerability Database > CVE-2023-5692

Mend.io Vulnerability Database

CVE-2023-5692

Date: April 5, 2024

WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.

Severity Score

5.3

Related Resources (8)

Url: https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve

Url: https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763

Url: https://core.trac.wordpress.org/changeset/57645

Url: https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/

Url: https://security-tracker.debian.org/tracker/CVE-2023-5692

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5692

Url: https://developer.wordpress.org/reference/functions/is_post_type_viewable/

Url: https://www.mend.io/vulnerability-database/CVE-2023-5692

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-5692

Date: April 5, 2024

Severity Score

Related Resources (8)

Severity Score

CVSS v3.1

Do you need more information?