{"id":"CVE-2022-43504","details":"Improper authentication vulnerability in WordPress versions prior to 6.0.3 allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. The developer also provides new patched releases for all versions since 3.7.","aliases":["BIT-wordpress-2022-43504","BIT-wordpress-multisite-2022-43504"],"modified":"2026-05-15T11:53:13.171484730Z","published":"2022-12-05T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43504.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"versions prior to 6.0.3"}]}],"cna_assigner":"jpcert"},"references":[{"type":"WEB","url":"https://jvn.jp/en/jp/JVN09409909/index.html"},{"type":"WEB","url":"https://wordpress.org/download/"},{"type":"WEB","url":"https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43504.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43504"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}