Assigner | Wordfence |
Reserved | 2023-10-20 |
Published | 2024-04-05 |
Updated | 2024-08-02 |
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2023-10-10 | Vendor Notified |
2024-04-04 | Disclosed |
Francesco Carlucci
https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
https://developer.wordpress.org/reference/functions/is_post_type_viewable/
https://core.trac.wordpress.org/changeset/57645