Activitypub Security Vulnerabilities and Issues — Activitypub CVE List

Lucene search

AutomatticActivitypub

5 matches found

CVE•added 2024/06/11 3:15 p.m.•58 views

CVE-2023-52199

Missing Authorization vulnerability in Matthias Pfefferle & Automattic ActivityPub.This issue affects ActivityPub: from n/a through 1.0.5.

6.5CVSS6.5AI score0.00103EPSS

CVE•added 2023/10/16 8:15 p.m.•47 views

CVE-2023-5057

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks

5.4CVSS5.6AI score0.00103EPSS

CVE•added 2023/10/16 8:15 p.m.•45 views

CVE-2023-3746

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks

5.4CVSS5.4AI score0.00103EPSS

CVE•added 2023/10/16 8:15 p.m.•37 views

CVE-2023-3706

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector

4.3CVSS4.5AI score0.00176EPSS

CVE•added 2023/10/16 8:15 p.m.•35 views

CVE-2023-3707

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected post...

4.3CVSS4.1AI score0.00176EPSS