We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
Reserved 2023-10-20 | Published 2024-04-05 | Updated 2024-08-02 | Assigner Wordfence2023-10-10: | Vendor Notified |
2024-04-04: | Disclosed |
Francesco Carlucci
www.wordfence.com/...-ce09-4050-84a1-cbe9953f36b1?source=cve
github.com/...develop/blob/6.3/src/wp-includes/canonical.php
developer.wordpress.org/...ctions/is_post_publicly_viewable/
developer.wordpress.org/.../functions/is_post_type_viewable/
core.trac.wordpress.org/changeset/57645
Support options