5 matches found
CVE-2023-3746
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks...
CVE-2023-3746 ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks...
CVE-2023-3746
The CVE-2023-3746 refers to the ActivityPub for WordPress plugin (pre-1.0.1) where post content was not properly sanitized/escaped, enabling Stored XSS by contributors and higher. Public details consistently state the vulnerability stems from insufficient sanitization of post content, allowing an...
CVE-2023-3746 ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS
The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks...
WordPress ActivityPub Plugin < 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software ActivityPub Type Plugin Vulnerable versions 1.0.1 Fixed in 1.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3746 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4e185588c9f2 Credits Ben Bidner Required privilege...