CVE-2023-5692 in WordPress
Summary
by MITRE • 04/05/2024
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 04/14/2026
The vulnerability identified as CVE-2023-5692 represents a critical sensitive information exposure issue within WordPress Core versions up to and including 6.4.3. This flaw resides in the redirect_guess_404_permalink function which is responsible for handling URL redirection and 404 error processing within the WordPress framework. The vulnerability stems from improper handling of custom post types where the publicly_queryable parameter has been explicitly set to false, yet the system still reveals the post slug information to unauthenticated attackers. This represents a significant deviation from WordPress security expectations where posts marked as non-queryable should remain hidden from public access.
The technical exploitation of this vulnerability occurs through crafted requests that trigger the redirect_guess_404_permalink function, which then processes the URL structure and inadvertently exposes internal post metadata. When a custom post type has publicly_queryable set to false, the normal WordPress security mechanisms should prevent direct access to the post slug through URL patterns. However, this vulnerability allows attackers to bypass these protections by leveraging the permalink redirection logic, effectively leaking information about posts that should remain private or restricted. The flaw essentially creates a backdoor pathway through which sensitive slug information can be discovered without proper authentication.
From an operational impact perspective, this vulnerability enables attackers to gather intelligence about internal content structures and potentially identify specific post types or content that may be of interest for further exploitation. The exposure of post slugs can provide attackers with valuable information for crafting more sophisticated attacks, including targeted phishing campaigns, social engineering attempts, or identifying potential vulnerabilities in specific content types. The information leakage could also assist in reconnaissance activities for broader attack vectors, as attackers can map out content structures and identify potentially sensitive or high-value posts within the WordPress installation. This vulnerability directly impacts the principle of least privilege and information hiding that should be maintained within WordPress systems.
Organizations affected by this vulnerability should immediately upgrade to WordPress Core version 6.4.4 or later, which contains the necessary patches to address the sensitive information exposure issue. The mitigation strategy should also include monitoring for suspicious URL access patterns and implementing additional security measures such as web application firewalls that can detect and block attempts to exploit this specific vulnerability. Security teams should conduct thorough audits of their WordPress installations to identify any custom post types that may be improperly configured and ensure that appropriate access controls are in place. This vulnerability aligns with CWE-200, which describes the exposure of sensitive information to an unauthorized actor, and could potentially support ATT&CK techniques related to reconnaissance and credential access through information gathering activities.