Lucene search
K

5 matches found

OSV
OSV
added 2023/10/16 8:15 p.m.3 views

CVE-2023-3707

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

4.3CVSS7.3AI score0.00468EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/10/16 7:39 p.m.21 views

CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

3.9AI score0.00468EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/10/16 7:39 p.m.10 views

CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post such as draft and private via an IDOR vector. Password protected post...

3.6AI score0.00468EPSS
Exploits2References1
CVE
CVE
added 2023/10/16 7:39 p.m.55 views

CVE-2023-3707

CVE-2023-3707 concerns the ActivityPub for WordPress plugin (pre-1.0.0). It allows an authenticated user (e.g., a subscriber) to disclose contents of arbitrary posts (including drafts and private posts) via an IDOR vector, with password‑protected posts unaffected. The issue’s root cause is improp...

4.3CVSS4.1AI score0.00468EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.13 views

WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Sensitive Data Exposure

Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-3707 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1da6b07d6d66 Credits Erwan LR WPScan Required privilege...

4.3CVSS6.9AI score0.00468EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder