National Cyber Warfare Foundation (NCWF)

CVE-2023-3706 (activitypub)
0 user ratings		2023-10-18 18:11:18
milo
CVEs
 - archive -- 
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector

CVE-2023-3706 (activitypub)
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3706
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector
2023-10-16T20:15:14Z

Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3706

Comments
new comment
Nobody has commented yet. Will you be the first?
  
Forum
CVEs


Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.