3 matches found
CVE-2023-5057
CVE-2023-5057 affects the ActivityPub for WordPress plugin prior to 1.0.0. The vulnerability arises because the plugin does not escape user metadata before outputting it in mentions, enabling Stored XSS by a Contributor+ user. Impact is stored cross-site scripting via mentions in affected WordPre...
CVE-2023-5057 ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS
The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks...
WordPress ActivityPub Plugin < 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software ActivityPub Type Plugin Vulnerable versions 1.0.0 Fixed in 1.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5057 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7a16cc70d522 Credits Ben Bidner Required privilege...