Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:3 a.m.12 views

CVE-2023-3706

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

4.3CVSS6.2AI score0.00468EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/10/16 7:39 p.m.12 views

CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

6.2AI score0.00468EPSS
Exploits2References1
CVE
CVE
added 2023/10/16 7:39 p.m.55 views

CVE-2023-3706

The CVE-2023-3706 entry corresponds to the WordPress ActivityPub plugin (pre-1.0.0). It describes an IDOR flaw where an authenticated user (e.g., a subscriber) can retrieve the title of arbitrary posts, including drafts and private posts, via a post ID because the plugin does not ensure that titl...

4.3CVSS4.5AI score0.00468EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:39 p.m.26 views

CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...

4.3AI score0.00468EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.16 views

WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Sensitive Data Exposure

Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-3706 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e5fb73f459f7 Credits Erwan LR WPScan Required privilege...

4.3CVSS6.9AI score0.00468EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder