5 matches found
CVE-2023-3707
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...
CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...
CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...
CVE-2023-3707
CVE-2023-3707 concerns the ActivityPub for WordPress plugin (pre-1.0.0). It allows an authenticated user (e.g., a subscriber) to disclose contents of arbitrary posts (including drafts and private posts) via an IDOR vector, with password‑protected posts unaffected. The issue’s root cause is improp...
WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Sensitive Data Exposure
Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-3707 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1da6b07d6d66 Credits Erwan LR WPScan Required privilege...