Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qt8k-3a84-4kad
Vulnerability ID VCID-qt8k-3a84-4kad
Aliases CVE-2023-5692
Summary WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.01055 https://api.first.org/data/v1/epss?cve=CVE-2023-5692
cvssv3.1 5.3 https://core.trac.wordpress.org/changeset/57645
ssvc Track https://core.trac.wordpress.org/changeset/57645
cvssv3.1 5.3 https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
ssvc Track https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
cvssv3.1 5.3 https://developer.wordpress.org/reference/functions/is_post_type_viewable/
ssvc Track https://developer.wordpress.org/reference/functions/is_post_type_viewable/
cvssv3.1 5.3 https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
ssvc Track https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
cvssv3.1 5.3 https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
ssvc Track https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-5692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5692
57645 https://core.trac.wordpress.org/changeset/57645
6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
canonical.php#L763 https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
is_post_publicly_viewable https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
is_post_type_viewable https://developer.wordpress.org/reference/functions/is_post_type_viewable/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://core.trac.wordpress.org/changeset/57645
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/ Found at https://core.trac.wordpress.org/changeset/57645
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/ Found at https://developer.wordpress.org/reference/functions/is_post_publicly_viewable/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://developer.wordpress.org/reference/functions/is_post_type_viewable/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/ Found at https://developer.wordpress.org/reference/functions/is_post_type_viewable/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/ Found at https://github.com/WordPress/wordpress-develop/blob/6.3/src/wp-includes/canonical.php#L763
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-05T13:58:59Z/ Found at https://www.wordfence.com/threat-intel/vulnerabilities/id/6e6f993b-ce09-4050-84a1-cbe9953f36b1?source=cve
Exploit Prediction Scoring System (EPSS)
Percentile 0.7788
EPSS Score 0.01055
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T13:47:17.993071+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0