5 matches found
CVE-2023-3706
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...
CVE-2023-3706
The CVE-2023-3706 entry corresponds to the WordPress ActivityPub plugin (pre-1.0.0). It describes an IDOR flaw where an authenticated user (e.g., a subscriber) can retrieve the title of arbitrary posts, including drafts and private posts, via a post ID because the plugin does not ensure that titl...
CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...
CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post such as draft and private via an IDOR vector...
WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Sensitive Data Exposure
Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-3706 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e5fb73f459f7 Credits Erwan LR WPScan Required privilege...