CVE-2022-43504
First published: Mon Dec 05 2022(Updated: )
Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.
Credit: vultures@jpcert.or.jp vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress | <3.7.40 | |
| WordPress | >=3.8<3.8.40 | |
| WordPress | >=3.9<3.9.39 | |
| WordPress | >=4.0<4.0.37 | |
| WordPress | >=4.1<4.1.37 | |
| WordPress | >=4.2<4.2.34 | |
| WordPress | >=4.3<4.3.30 | |
| WordPress | >=4.4<4.4.29 | |
| WordPress | >=4.5<4.5.28 | |
| WordPress | >=4.6<4.6.25 | |
| WordPress | >=4.7<4.7.25 | |
| WordPress | >=4.8<4.8.21 | |
| WordPress | >=4.9<4.9.22 | |
| WordPress | >=5.0<5.0.18 | |
| WordPress | >=5.1<5.1.15 | |
| WordPress | >=5.2<5.2.17 | |
| WordPress | >=5.3<5.3.14 | |
| WordPress | >=5.4<5.4.12 | |
| WordPress | >=5.5<5.5.11 | |
| WordPress | >=5.6<5.6.10 | |
| WordPress | >=5.7<5.7.8 | |
| WordPress | >=5.8<5.8.6 | |
| WordPress | >=5.9<5.9.5 | |
| WordPress | >=6.0<6.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-43504?
CVE-2022-43504 is an improper authentication vulnerability in WordPress versions prior to 6.0.3.
How can a remote unauthenticated attacker exploit CVE-2022-43504?
A remote unauthenticated attacker can exploit CVE-2022-43504 to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature.
Which versions of WordPress are affected by CVE-2022-43504?
WordPress versions prior to 6.0.3 are affected by CVE-2022-43504.
What is the severity of CVE-2022-43504?
CVE-2022-43504 has a severity rating of 5.3 (medium).
How do I fix CVE-2022-43504?
To fix CVE-2022-43504, you should update your WordPress installation to version 6.0.3 or later.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress
- version/wordpress/3.8
- version/wordpress/3.9
- version/wordpress/4.0
- version/wordpress/4.1
- version/wordpress/4.2
- version/wordpress/4.3
- version/wordpress/4.4
- version/wordpress/4.5
- version/wordpress/4.6
- version/wordpress/4.7
- version/wordpress/4.8
- version/wordpress/4.9
- version/wordpress/5.0
- version/wordpress/5.1
- version/wordpress/5.2
- version/wordpress/5.3
- version/wordpress/5.4
- version/wordpress/5.5
- version/wordpress/5.6
- version/wordpress/5.7
- version/wordpress/5.8
- version/wordpress/5.9
- version/wordpress/6.0