cvelistv5 - CVE-2022-43504

CVE-2022-43504 (GCVE-0-2022-43504)

Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-24 14:04

Summary

Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Improper authentication

Assigner

jpcert

References

URL

Tags

	https://wordpress.org/download/
	https://wordpress.org/news/2022/10/wordpress-6-0-…
	https://jvn.jp/en/jp/JVN09409909/index.html

Impacted products

	Vendor	Product	Version
	WordPress.org	WordPress	Affected: versions prior to 6.0.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T13:32:59.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wordpress.org/download/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-43504",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T14:04:12.331568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T14:04:17.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WordPress",
          "vendor": "WordPress.org",
          "versions": [
            {
              "status": "affected",
              "version": "versions prior to 6.0.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper authentication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-02T00:00:00.000Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://wordpress.org/download/"
        },
        {
          "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2022-43504",
    "datePublished": "2022-12-05T00:00:00.000Z",
    "dateReserved": "2022-10-22T00:00:00.000Z",
    "dateUpdated": "2025-04-24T14:04:17.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.7.40\", \"matchCriteriaId\": \"5F6880E4-33A9-4662-8154-8906045D4BDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.8\", \"versionEndExcluding\": \"3.8.40\", \"matchCriteriaId\": \"C6365CED-6940-4570-A833-E346D5D03301\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.9\", \"versionEndExcluding\": \"3.9.39\", \"matchCriteriaId\": \"2DC78C88-0F4D-46E2-BEAE-2590B6597110\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.37\", \"matchCriteriaId\": \"9690E580-70FA-49D4-91CB-118DBFD0C772\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1\", \"versionEndExcluding\": \"4.1.37\", \"matchCriteriaId\": \"DDF4FA05-6B4C-4B84-B287-5206F976383C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2\", \"versionEndExcluding\": \"4.2.34\", \"matchCriteriaId\": \"6FB506F8-0A9A-466B-A9BA-27E9E16DF60A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3\", \"versionEndExcluding\": \"4.3.30\", \"matchCriteriaId\": \"02BFC3E6-0C04-4D93-AF21-9E28F6517698\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.4\", \"versionEndExcluding\": \"4.4.29\", \"matchCriteriaId\": \"682611C5-D61E-4419-8118-CD22DF94587B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.5.28\", \"matchCriteriaId\": \"ACA0694E-78EE-461C-AF6C-2992A48FACC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.6\", \"versionEndExcluding\": \"4.6.25\", \"matchCriteriaId\": \"2A35E5D1-F72A-4979-8009-AB2FD2DF50AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.7\", \"versionEndExcluding\": \"4.7.25\", \"matchCriteriaId\": \"0E49C495-D666-4946-9756-80157FE8D46E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.8\", \"versionEndExcluding\": \"4.8.21\", \"matchCriteriaId\": \"AD185AE4-EADD-4A15-BB02-D64C3570212A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.9\", \"versionEndExcluding\": \"4.9.22\", \"matchCriteriaId\": \"BF4E5ED6-7005-44C1-8027-D516FFD06CD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0\", \"versionEndExcluding\": \"5.0.18\", \"matchCriteriaId\": \"F6924C94-4641-4FF9-B224-E5FDDED36A28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.1\", \"versionEndExcluding\": \"5.1.15\", \"matchCriteriaId\": \"6D5CA8ED-6422-4E21-8D9F-944B317AA90B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.2\", \"versionEndExcluding\": \"5.2.17\", \"matchCriteriaId\": \"59157ECE-7741-483E-B134-17A211255541\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.3\", \"versionEndExcluding\": \"5.3.14\", \"matchCriteriaId\": \"83F27771-E690-463B-B0BE-467C68785879\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.4\", \"versionEndExcluding\": \"5.4.12\", \"matchCriteriaId\": \"3727394A-83E2-4536-B14D-779A0AED05C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.5\", \"versionEndExcluding\": \"5.5.11\", \"matchCriteriaId\": \"D7A11F6D-E9BD-4D06-A459-EAC1D00943ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.6\", \"versionEndExcluding\": \"5.6.10\", \"matchCriteriaId\": \"7FB1EB9F-66E8-4100-B00C-1627677A4721\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.7\", \"versionEndExcluding\": \"5.7.8\", \"matchCriteriaId\": \"ACAA8CC7-B363-465A-ABFD-90BC3BA03C1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.8\", \"versionEndExcluding\": \"5.8.6\", \"matchCriteriaId\": \"F438ADFF-5BCA-4CEC-B3C8-38DD41CB68D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.9\", \"versionEndExcluding\": \"5.9.5\", \"matchCriteriaId\": \"BEA67D29-3629-4162-9177-387A49B08EC7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0\", \"versionEndExcluding\": \"6.0.3\", \"matchCriteriaId\": \"82A446E4-E097-4D7C-9972-4B35B9D4F048\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de autenticaci\\u00f3n inadecuada en las versiones de WordPress anteriores a la 6.0.3 permite que un atacante remoto no autenticado obtenga la direcci\\u00f3n de correo electr\\u00f3nico del usuario que public\\u00f3 un blog utilizando WordPress Post by Email Feature. El desarrollador tambi\\u00e9n proporciona nuevas versiones parcheadas para todas las versiones desde la 3.7.\"}]",
      "id": "CVE-2022-43504",
      "lastModified": "2024-11-21T07:26:36.760",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2022-12-05T04:15:10.610",
      "references": "[{\"url\": \"https://jvn.jp/en/jp/JVN09409909/index.html\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://wordpress.org/download/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\", \"source\": \"vultures@jpcert.or.jp\", \"tags\": [\"Patch\", \"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN09409909/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://wordpress.org/download/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Vendor Advisory\"]}, {\"url\": \"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-43504\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2022-12-05T04:15:10.610\",\"lastModified\":\"2025-04-24T14:15:37.990\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de autenticaci\u00f3n inadecuada en las versiones de WordPress anteriores a la 6.0.3 permite que un atacante remoto no autenticado obtenga la direcci\u00f3n de correo electr\u00f3nico del usuario que public\u00f3 un blog utilizando WordPress Post by Email Feature. El desarrollador tambi\u00e9n proporciona nuevas versiones parcheadas para todas las versiones desde la 3.7.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.7.40\",\"matchCriteriaId\":\"5F6880E4-33A9-4662-8154-8906045D4BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.8\",\"versionEndExcluding\":\"3.8.40\",\"matchCriteriaId\":\"C6365CED-6940-4570-A833-E346D5D03301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.9\",\"versionEndExcluding\":\"3.9.39\",\"matchCriteriaId\":\"2DC78C88-0F4D-46E2-BEAE-2590B6597110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.37\",\"matchCriteriaId\":\"9690E580-70FA-49D4-91CB-118DBFD0C772\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1\",\"versionEndExcluding\":\"4.1.37\",\"matchCriteriaId\":\"DDF4FA05-6B4C-4B84-B287-5206F976383C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.2.34\",\"matchCriteriaId\":\"6FB506F8-0A9A-466B-A9BA-27E9E16DF60A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3\",\"versionEndExcluding\":\"4.3.30\",\"matchCriteriaId\":\"02BFC3E6-0C04-4D93-AF21-9E28F6517698\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4\",\"versionEndExcluding\":\"4.4.29\",\"matchCriteriaId\":\"682611C5-D61E-4419-8118-CD22DF94587B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.5.28\",\"matchCriteriaId\":\"ACA0694E-78EE-461C-AF6C-2992A48FACC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.6\",\"versionEndExcluding\":\"4.6.25\",\"matchCriteriaId\":\"2A35E5D1-F72A-4979-8009-AB2FD2DF50AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.7\",\"versionEndExcluding\":\"4.7.25\",\"matchCriteriaId\":\"0E49C495-D666-4946-9756-80157FE8D46E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.8\",\"versionEndExcluding\":\"4.8.21\",\"matchCriteriaId\":\"AD185AE4-EADD-4A15-BB02-D64C3570212A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.9\",\"versionEndExcluding\":\"4.9.22\",\"matchCriteriaId\":\"BF4E5ED6-7005-44C1-8027-D516FFD06CD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0\",\"versionEndExcluding\":\"5.0.18\",\"matchCriteriaId\":\"F6924C94-4641-4FF9-B224-E5FDDED36A28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.1\",\"versionEndExcluding\":\"5.1.15\",\"matchCriteriaId\":\"6D5CA8ED-6422-4E21-8D9F-944B317AA90B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.2\",\"versionEndExcluding\":\"5.2.17\",\"matchCriteriaId\":\"59157ECE-7741-483E-B134-17A211255541\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.3\",\"versionEndExcluding\":\"5.3.14\",\"matchCriteriaId\":\"83F27771-E690-463B-B0BE-467C68785879\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4\",\"versionEndExcluding\":\"5.4.12\",\"matchCriteriaId\":\"3727394A-83E2-4536-B14D-779A0AED05C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.5.11\",\"matchCriteriaId\":\"D7A11F6D-E9BD-4D06-A459-EAC1D00943ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.6\",\"versionEndExcluding\":\"5.6.10\",\"matchCriteriaId\":\"7FB1EB9F-66E8-4100-B00C-1627677A4721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.7\",\"versionEndExcluding\":\"5.7.8\",\"matchCriteriaId\":\"ACAA8CC7-B363-465A-ABFD-90BC3BA03C1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.8\",\"versionEndExcluding\":\"5.8.6\",\"matchCriteriaId\":\"F438ADFF-5BCA-4CEC-B3C8-38DD41CB68D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.9\",\"versionEndExcluding\":\"5.9.5\",\"matchCriteriaId\":\"BEA67D29-3629-4162-9177-387A49B08EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0\",\"versionEndExcluding\":\"6.0.3\",\"matchCriteriaId\":\"82A446E4-E097-4D7C-9972-4B35B9D4F048\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN09409909/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/download/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Patch\",\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN09409909/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://wordpress.org/download/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Vendor Advisory\"]},{\"url\":\"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wordpress.org/download/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN09409909/index.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T13:32:59.652Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-43504\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-24T14:04:12.331568Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287 Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-24T14:04:06.594Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"WordPress.org\", \"product\": \"WordPress\", \"versions\": [{\"status\": \"affected\", \"version\": \"versions prior to 6.0.3\"}]}], \"references\": [{\"url\": \"https://wordpress.org/download/\"}, {\"url\": \"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/\"}, {\"url\": \"https://jvn.jp/en/jp/JVN09409909/index.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Improper authentication\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2023-02-02T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-43504\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-24T14:04:17.689Z\", \"dateReserved\": \"2022-10-22T00:00:00.000Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2022-12-05T00:00:00.000Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-H8VF-V4QW-MVQ4

Vulnerability from github – Published: 2022-12-05 06:30 – Updated: 2025-04-24 15:30

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-43504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-05T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.",
  "id": "GHSA-h8vf-v4qw-mvq4",
  "modified": "2025-04-24T15:30:38Z",
  "published": "2022-12-05T06:30:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43504"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/download"
    },
    {
      "type": "WEB",
      "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2022-43504

Vulnerability from fkie_nvd - Published: 2022-12-05 04:15 - Updated: 2025-04-24 14:15

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN09409909/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://wordpress.org/download/	Product, Vendor Advisory
vultures@jpcert.or.jp	https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/	Patch, Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN09409909/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/download/	Product, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/	Patch, Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*
wordpress	wordpress	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F6880E4-33A9-4662-8154-8906045D4BDB",
              "versionEndExcluding": "3.7.40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6365CED-6940-4570-A833-E346D5D03301",
              "versionEndExcluding": "3.8.40",
              "versionStartIncluding": "3.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC78C88-0F4D-46E2-BEAE-2590B6597110",
              "versionEndExcluding": "3.9.39",
              "versionStartIncluding": "3.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9690E580-70FA-49D4-91CB-118DBFD0C772",
              "versionEndExcluding": "4.0.37",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF4FA05-6B4C-4B84-B287-5206F976383C",
              "versionEndExcluding": "4.1.37",
              "versionStartIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FB506F8-0A9A-466B-A9BA-27E9E16DF60A",
              "versionEndExcluding": "4.2.34",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BFC3E6-0C04-4D93-AF21-9E28F6517698",
              "versionEndExcluding": "4.3.30",
              "versionStartIncluding": "4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "682611C5-D61E-4419-8118-CD22DF94587B",
              "versionEndExcluding": "4.4.29",
              "versionStartIncluding": "4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA0694E-78EE-461C-AF6C-2992A48FACC3",
              "versionEndExcluding": "4.5.28",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A35E5D1-F72A-4979-8009-AB2FD2DF50AA",
              "versionEndExcluding": "4.6.25",
              "versionStartIncluding": "4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E49C495-D666-4946-9756-80157FE8D46E",
              "versionEndExcluding": "4.7.25",
              "versionStartIncluding": "4.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD185AE4-EADD-4A15-BB02-D64C3570212A",
              "versionEndExcluding": "4.8.21",
              "versionStartIncluding": "4.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF4E5ED6-7005-44C1-8027-D516FFD06CD1",
              "versionEndExcluding": "4.9.22",
              "versionStartIncluding": "4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6924C94-4641-4FF9-B224-E5FDDED36A28",
              "versionEndExcluding": "5.0.18",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5CA8ED-6422-4E21-8D9F-944B317AA90B",
              "versionEndExcluding": "5.1.15",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59157ECE-7741-483E-B134-17A211255541",
              "versionEndExcluding": "5.2.17",
              "versionStartIncluding": "5.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F27771-E690-463B-B0BE-467C68785879",
              "versionEndExcluding": "5.3.14",
              "versionStartIncluding": "5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3727394A-83E2-4536-B14D-779A0AED05C1",
              "versionEndExcluding": "5.4.12",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7A11F6D-E9BD-4D06-A459-EAC1D00943ED",
              "versionEndExcluding": "5.5.11",
              "versionStartIncluding": "5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB1EB9F-66E8-4100-B00C-1627677A4721",
              "versionEndExcluding": "5.6.10",
              "versionStartIncluding": "5.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACAA8CC7-B363-465A-ABFD-90BC3BA03C1E",
              "versionEndExcluding": "5.7.8",
              "versionStartIncluding": "5.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F438ADFF-5BCA-4CEC-B3C8-38DD41CB68D9",
              "versionEndExcluding": "5.8.6",
              "versionStartIncluding": "5.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEA67D29-3629-4162-9177-387A49B08EC7",
              "versionEndExcluding": "5.9.5",
              "versionStartIncluding": "5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82A446E4-E097-4D7C-9972-4B35B9D4F048",
              "versionEndExcluding": "6.0.3",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autenticaci\u00f3n inadecuada en las versiones de WordPress anteriores a la 6.0.3 permite que un atacante remoto no autenticado obtenga la direcci\u00f3n de correo electr\u00f3nico del usuario que public\u00f3 un blog utilizando WordPress Post by Email Feature. El desarrollador tambi\u00e9n proporciona nuevas versiones parcheadas para todas las versiones desde la 3.7."
    }
  ],
  "id": "CVE-2022-43504",
  "lastModified": "2025-04-24T14:15:37.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-12-05T04:15:10.610",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/download/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/download/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

JVNDB-2022-000087

Vulnerability from jvndb - Published: 2022-11-08 14:59 - Updated:2024-06-06 16:27

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

Multiple vulnerabilities in WordPress

Details

WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature.

Stored Cross-site scripting (CWE-79) - CVE-2022-43497
Stored Cross-site scripting (CWE-79) - CVE-2022-43500
Improper authentication (CWE-287) - CVE-2022-43504

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN09409909/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43497
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43500
	CVE	https://www.cve.org/CVERecord?id=CVE-2022-43504
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43497
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43500
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-43504
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

WordPress.org

WordPress

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000087.html",
  "dc:date": "2024-06-06T16:27+09:00",
  "dcterms:issued": "2022-11-08T14:59+09:00",
  "dcterms:modified": "2024-06-06T16:27+09:00",
  "description": "WordPress contains multiple vulnerabilities listed below which are to the WordPress Post by Email Feature.\r\n\u003cul\u003e\u003cli\u003eStored Cross-site scripting (CWE-79) - CVE-2022-43497\u003c/li\u003e\u003cli\u003eStored Cross-site scripting (CWE-79) - CVE-2022-43500\u003c/li\u003e\u003cli\u003eImproper authentication (CWE-287) - CVE-2022-43504\u003c/li\u003e\u003c/ul\u003e\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000087.html",
  "sec:cpe": {
    "#text": "cpe:/a:wordpress:wordpress",
    "@product": "WordPress",
    "@vendor": "WordPress.org",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000087",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN09409909/index.html",
      "@id": "JVN#09409909",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43497",
      "@id": "CVE-2022-43497",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43500",
      "@id": "CVE-2022-43500",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-43504",
      "@id": "CVE-2022-43504",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43497",
      "@id": "CVE-2022-43497",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43500",
      "@id": "CVE-2022-43500",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-43504",
      "@id": "CVE-2022-43504",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in WordPress"
}

WID-SEC-W-2022-1788

Vulnerability from csaf_certbund - Published: 2022-10-18 22:00 - Updated: 2022-12-04 23:00

Summary

WordPress: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

WordPress ist ein PHP basiertes Open Source Blog-System.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WordPress ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen, vertrauliche Informationen offenzulegen, Sicherheitsmaßnahmen zu umgehen und Daten zu manipulieren.

Betroffene Betriebssysteme

- UNIX - Linux - MacOS X - Windows - Sonstiges

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "WordPress ist ein PHP basiertes Open Source Blog-System.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in WordPress ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, vertrauliche Informationen offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen und Daten zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- MacOS X\n- Windows\n- Sonstiges",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-1788 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1788.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-1788 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1788"
      },
      {
        "category": "external",
        "summary": "Wordpress Security Release vom 2022-10-18",
        "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
      }
    ],
    "source_lang": "en-US",
    "title": "WordPress: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2022-12-04T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:36:45.791+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-1788",
      "initial_release_date": "2022-10-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-10-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2022-12-04T23:00:00.000+00:00",
          "number": "2",
          "summary": "CVE\u0027s erg\u00e4nzt"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source WordPress \u003c 6.0.3",
            "product": {
              "name": "Open Source WordPress \u003c 6.0.3",
              "product_id": "T025031",
              "product_identification_helper": {
                "cpe": "cpe:/a:wordpress:wordpress:6.0.3"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-43497",
      "notes": [
        {
          "category": "description",
          "text": "In WordPress existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, anonymer Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "release_date": "2022-10-18T22:00:00.000+00:00",
      "title": "CVE-2022-43497"
    },
    {
      "cve": "CVE-2022-43504",
      "notes": [
        {
          "category": "description",
          "text": "In WordPress existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung der E-Mail-Adresse des Absenders in \"wp-mail.php\", der Offenlegung von Daten \u00fcber den \"REST Terms/Tags\" Endpunkt und der Weitergabe von Inhalten aus mehrteiligen E-Mails. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um vertrauliche Informationen offenzulegen."
        }
      ],
      "release_date": "2022-10-18T22:00:00.000+00:00",
      "title": "CVE-2022-43504"
    },
    {
      "cve": "CVE-2022-43500",
      "notes": [
        {
          "category": "description",
          "text": "In WordPress existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund eines offenen Redirects in \"wp_nonce_ays\", eines m\u00f6glichen CSRF in \"wp-trackback.php\", einer unsachgem\u00e4\u00dfen Wiederherstellung von gemeinsam genutzten Benutzerinstanzen und einer SQL Injection aufgrund einer unsachgem\u00e4\u00dfen Bereinigung in \"WP_Date_Query\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Umgehung von Sicherheitsma\u00dfnahmen und zur Manipulation von Daten ausnutzen."
        }
      ],
      "release_date": "2022-10-18T22:00:00.000+00:00",
      "title": "CVE-2022-43500"
    }
  ]
}

GSD-2022-43504

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-43504

Aliases

CVE-2022-43504

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-43504",
    "id": "GSD-2022-43504"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-43504"
      ],
      "details": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.",
      "id": "GSD-2022-43504",
      "modified": "2023-12-13T01:19:31.876930Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2022-43504",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WordPress",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "versions prior to 6.0.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "WordPress.org"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wordpress.org/download/",
            "refsource": "MISC",
            "url": "https://wordpress.org/download/"
          },
          {
            "name": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/",
            "refsource": "MISC",
            "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN09409909/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.3",
                "versionStartIncluding": "6.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.9.5",
                "versionStartIncluding": "5.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.8.6",
                "versionStartIncluding": "5.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.7.8",
                "versionStartIncluding": "5.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.6.10",
                "versionStartIncluding": "5.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.5.11",
                "versionStartIncluding": "5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.4.12",
                "versionStartIncluding": "5.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.14",
                "versionStartIncluding": "5.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.2.17",
                "versionStartIncluding": "5.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.1.15",
                "versionStartIncluding": "5.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.18",
                "versionStartIncluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.9.22",
                "versionStartIncluding": "4.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.8.21",
                "versionStartIncluding": "4.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.7.25",
                "versionStartIncluding": "4.7",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.6.25",
                "versionStartIncluding": "4.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.5.28",
                "versionStartIncluding": "4.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.4.29",
                "versionStartIncluding": "4.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.30",
                "versionStartIncluding": "4.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.34",
                "versionStartIncluding": "4.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.1.37",
                "versionStartIncluding": "4.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.0.37",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.9.39",
                "versionStartIncluding": "3.9",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.8.40",
                "versionStartIncluding": "3.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.7.40",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2022-43504"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN09409909/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN09409909/index.html"
            },
            {
              "name": "https://wordpress.org/download/",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Vendor Advisory"
              ],
              "url": "https://wordpress.org/download/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-02-03T16:58Z",
      "publishedDate": "2022-12-05T04:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-43504 (GCVE-0-2022-43504)

GHSA-H8VF-V4QW-MVQ4

FKIE_CVE-2022-43504

JVNDB-2022-000087

WID-SEC-W-2022-1788

GSD-2022-43504

Tags

Sightings

Nomenclature