WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Vulnerabilities

WP < 6.0.3 - Email Address Disclosure via wp-mail.php

Description

WordPress discloses the sender's email address via wp-mail.php

Affects WordPress

6.0.2
Fixed in version 6.0.3
6.0.1
Fixed in version 6.0.3
6.0
Fixed in version 6.0.3
5.9.4
Fixed in version 5.9.5
5.9.3
Fixed in version 5.9.5
5.9.2
Fixed in version 5.9.5
5.9.1
Fixed in version 5.9.5
5.9
Fixed in version 5.9.5
5.8.5
Fixed in version 5.8.6
5.8.4
Fixed in version 5.8.6

References

URL
https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
URL
https://github.com/WordPress/wordpress-develop/commit/5fcdee1b4d72f1150b7b762ef5fb39ab288c8d44

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200

Miscellaneous

Original Researcher

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT

Verified

Yes

WPVDB ID
c5675b59-4b1d-4f64-9876-068e05145431

Timeline

Publicly Published

2022-10-17 (about 3 months ago)

Added

2022-10-19 (about 3 months ago)

Last Updated

2022-10-19 (about 3 months ago)

Our Other Services

WPScan WordPress Security Plugin