What is CVE-2023-39999?

CVE-2023-39999 is a vulnerability in WordPress that allows exposure of sensitive information to an unauthorized actor.

What is the severity of CVE-2023-39999?

The severity of CVE-2023-39999 is medium, with a CVSS score of 4.3.

How does CVE-2023-39999 affect WordPress?

CVE-2023-39999 affects WordPress versions 6.3 through 6.3.1, as well as several other versions listed in the vulnerability description.

What is the fix for CVE-2023-39999?

To fix CVE-2023-39999, users should update their WordPress installation to version 6.3.2 or higher.

Where can I find more information about CVE-2023-39999?

More information about CVE-2023-39999 can be found in the references provided: [reference 1](https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve), [reference 2](https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve).

Vulnerability/
CVE-2023-39999

medium

4.3

CWE

200

13/10/2023

16/2/2024

CVE-2023-39999: WordPress < 6.3.2 is vulnerable to Broken Access Control

First published: Fri Oct 13 2023(Updated: )

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.

Credit: audit@patchstack.com audit@patchstack.com

Affected Software	Affected Version	How to fix
WordPress WordPress	>=4.1<=4.1.38
WordPress WordPress	>=4.2<=4.2.35
WordPress WordPress	>=4.3<=4.3.31
WordPress WordPress	>=4.4<=4.4.30
WordPress WordPress	>=4.5<=4.5.29
WordPress WordPress	>=4.6<=4.6.26
WordPress WordPress	>=4.7<=4.7.26
WordPress WordPress	>=4.8<=4.8.22
WordPress WordPress	>=4.9<=4.9.23
WordPress WordPress	>=5.0<=5.0.19
WordPress WordPress	>=5.1<=5.1.16
WordPress WordPress	>=5.2<=5.2.18
WordPress WordPress	>=5.3<=5.3.15
WordPress WordPress	>=5.4<=5.4.13
WordPress WordPress	>=5.5<=5.5.12
WordPress WordPress	>=5.6<=5.6.11
WordPress WordPress	>=5.7<=5.7.9
WordPress WordPress	>=5.8<=5.8.7
WordPress WordPress	>=5.9<=5.9.7
WordPress WordPress	>=6.0<=6.0.5
WordPress WordPress	>=6.1<=6.1.3
WordPress WordPress	>=6.2<=6.2.2
WordPress WordPress	>=6.3<6.3.2
Fedoraproject Fedora	=37
Fedoraproject Fedora	=38

Remedy

https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve

Remedy

Update to suitable (6.3.2, 6.2.3, 6.1.4, 6.0.6, 5.9.8, 5.8.8, 5.7.10, 5.6.12, 5.5.13, 5.4.14, 5.3.16, 5.2.19, 5.1.17, 5.0.20, 4.9.24, 4.8.23, 4.7.27, 4.6.27, 4.5.30, 4.4.31, 4.3.32, 4.2.36, 4.1.39) or a higher version.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-39999?
CVE-2023-39999 is a vulnerability in WordPress that allows exposure of sensitive information to an unauthorized actor.
What is the severity of CVE-2023-39999?
The severity of CVE-2023-39999 is medium, with a CVSS score of 4.3.
How does CVE-2023-39999 affect WordPress?
CVE-2023-39999 affects WordPress versions 6.3 through 6.3.1, as well as several other versions listed in the vulnerability description.
What is the fix for CVE-2023-39999?
To fix CVE-2023-39999, users should update their WordPress installation to version 6.3.2 or higher.
Where can I find more information about CVE-2023-39999?
More information about CVE-2023-39999 can be found in the references provided: [reference 1](https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve), [reference 2](https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-core-core-6-3-2-contributor-comment-read-on-private-and-password-protected-post-vulnerability?_s_id=cve).

collector/mitre-cve
agent/references
agent/author
agent/type
agent/event
agent/remedy
agent/first-publish-date
agent/title
agent/weakness
agent/last-modified-date
agent/severity
agent/tags
agent/description
agent/softwarecombine
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/wordpress
canonical/wordpress wordpress
version/wordpress wordpress/4.1
version/wordpress wordpress/4.1.38
version/wordpress wordpress/4.2
version/wordpress wordpress/4.2.35
version/wordpress wordpress/4.3
version/wordpress wordpress/4.3.31
version/wordpress wordpress/4.4
version/wordpress wordpress/4.4.30
version/wordpress wordpress/4.5
version/wordpress wordpress/4.5.29
version/wordpress wordpress/4.6
version/wordpress wordpress/4.6.26
version/wordpress wordpress/4.7
version/wordpress wordpress/4.7.26
version/wordpress wordpress/4.8
version/wordpress wordpress/4.8.22
version/wordpress wordpress/4.9
version/wordpress wordpress/4.9.23
version/wordpress wordpress/5.0
version/wordpress wordpress/5.0.19
version/wordpress wordpress/5.1
version/wordpress wordpress/5.1.16
version/wordpress wordpress/5.2
version/wordpress wordpress/5.2.18
version/wordpress wordpress/5.3
version/wordpress wordpress/5.3.15
version/wordpress wordpress/5.4
version/wordpress wordpress/5.4.13
version/wordpress wordpress/5.5
version/wordpress wordpress/5.5.12
version/wordpress wordpress/5.6
version/wordpress wordpress/5.6.11
version/wordpress wordpress/5.7
version/wordpress wordpress/5.7.9
version/wordpress wordpress/5.8
version/wordpress wordpress/5.8.7
version/wordpress wordpress/5.9
version/wordpress wordpress/5.9.7
version/wordpress wordpress/6.0
version/wordpress wordpress/6.0.5
version/wordpress wordpress/6.1
version/wordpress wordpress/6.1.3
version/wordpress wordpress/6.2
version/wordpress wordpress/6.2.2
version/wordpress wordpress/6.3
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/37
version/fedoraproject fedora/38

CVE-2023-39999: WordPress < 6.3.2 is vulnerable to Broken Access Control

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-39999?

What is the severity of CVE-2023-39999?

How does CVE-2023-39999 affect WordPress?

What is the fix for CVE-2023-39999?

Where can I find more information about CVE-2023-39999?

Company

Resources

Contact